计算机科学 ›› 2015, Vol. 42 ›› Issue (10): 60-64.

• 网络与通信 • 上一篇    下一篇

基于关键字的单协议分类

郑杰,李建平   

  1. 电子科技大学计算机科学与工程学院 成都611731,电子科技大学计算机科学与工程学院 成都611731
  • 出版日期:2018-11-14 发布日期:2018-11-14
  • 基金资助:
    本文受中国工程物理研究院科技发展基金(2012A0403021),NSAF联合基金(U1230106),国家信息安全发展计划(2013F098)资助

Classification of Single Protocol Based on Keywords

ZHENG Jie and LI Jian-ping   

  • Online:2018-11-14 Published:2018-11-14

摘要: 网络协议是网络通信中一系列标准的集合,未知协议的识别和分析对网络监管、保障网络安全具有重大意义。协议识别技术多种多样,但大都不适用于二进制的协议识别。在此针对现有的协议识别技术的局限性,提出了一种在双方单协议通信环境下的多种类型二进制数据帧的协议识别方法。该方法首先利用n-gram技术对数据帧进行分割,然后利用无监督的特征选择算法提取特征串集合,从而利用聚类算法实现协议消息的识别。最后在ICMP上对该方法进行评估,消息识别的准确率和召回率均可达到90%以上。

关键词: 协议识别,单协议,无监督,特征选择,聚类算法

Abstract: Network protocols are sets of standards for certain network communications.The protocol identification and analysis have great significance for network management and security.Although there are all kinds of protocol identification technology,most of them are not suitable for the binary protocol identification.To address this issue,the paper proposed a novel method of protocol identification which can classify the same protocol into several messages in the environment of single protocol communication.This method utilizes n-gram to segment the data frames and then extracts the set of keywords using unsupervised feature selection algorithm.At last,it implements the identification of different type of messages using clustering algorithm.Finally the method was evaluated on ICMP.The results show that the rate of precision and recall can both reach more than 90%.

Key words: ZHENG Jie LI Jian-ping (School of Computer Science and Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China)

[1] 牟乔.准确高效的应用层协议分析识别方法[J].计算机工程与程序,2010,2(8):39-45 Mou Qiao.A Suite of Precise and Effcient Analyzing Techniques for Application Protocols[J].Computer Engineering and Science,2010,32(8):39-45
[2] IANA.http://www.iana.org/assignments/port—num-bers
[3] Liu R T,Huang N F,Chen C H,et al.A fast string-matching algorithm for network processor-based intrusion detection system[J].ACM Transactions on Embedded Computing Systems,2004,3(3):614-633
[4] IANA.Internet Assigned Numbers Authority.http://www.iana.org/assignments/port-numbers
[5] Kim M S,Won Y J,Hong J W K.Application-level traffic monitoring and an analysis on IP networks[J].ETRI Journal,2005,27(1):22-42
[6] Chen C C,Wang S D.An efficient multicharacter transitionstring-matching engine based on the Aho-Corasick Algorithm [J].ACM transactions on architecture and code optimization,2013,10(4):1-22
[7] Wright C,Monrose F,Masson G M.HMM profiles for network traffic classification[C]∥Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security.New York,USA,ACM,2004:9-15
[8] Wright C,Monrose F,Masson G M.Towards better protocolidentification using profile HMMs:JHU-SPAR051201 [R].2005:325-328
[9] Bernaille L,Teixera R,Akodkenou I,et al.Traffic classification on the fly[J].ACM SIGCOMM Computer Communication Review,2006,36(2):23-26
[10] Zander S,Nguyen T,Armitage G.Self-learning IP traffic classification based on statistical flow characteristics[M]∥Passive and Active Network Measurement.Heidelberg,Germany:Springer,2005
[11] Peltola H,Tarhio J.String matching with lookahead [J].Discrete applied mathematics,2014,163(1):352-360
[12] Giaquinta E,Fredriksson K,Grabowski S,et al.Motif matching using gapped patterns [J].Theoretical Computer Science,2014,548:1-13
[13] Deyoung M E.Dynamic protocol reverse engineering:a grammatical inference approach [D].Air Force Institute,2008
[14] Nohl K,Evans D,Starbug S,et al.Reverse-Engineering a Cryptographic RFID Tag[C]∥USENIX Security Symposium.San Jose,California,USA,2008:185-194
[15] Wang Y,Zhang N,Wu Y,et al.Protocol Specification Inference Based on Keywords Identification[M]∥Advanced Data Mining and Applications.Springer Berlin Heidelberg,2013:443-454
[16] Sen S,Spatscheck O,Wang D.Accurate,scalable in-networkidentification of p2p traffic using application signatures[C]∥Proceedings of the 13th international conference on World Wide Web.New York,USA,ACM,2004:512-521
[17] Wang Y,et al.A semantics aware approach to automated reverse engineering unknown protocols[C]∥ICNP 2012:20th IEEE International Conference on Network Protocols.Austin,TX,USA,IEEE,2012:1-10
[18] Kang H J,Kim M S,Hong J W K.A method on multimediaservice traffic monitoring and analysis [M]∥Self-Managing Distributed Systems.Heidelberg,Germany:Springer,2003
[19] Van Der Merwe J,Caceres R,et al.Mmdump:A tool for monitoring Internet multimedia traffic[J].ACM SIGCOMM Computer Communication Review,2000,30(5):48-59

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!