Computer Science ›› 2015, Vol. 42 ›› Issue (10): 60-64.


Classification of Single Protocol Based on Keywords

ZHENG Jie and LI Jian-ping   

  • Online:2018-11-14 Published:2018-11-14

Abstract: Network protocols are sets of standards for certain network communications. Protocol identification and analysis are of great significance for network management and security. Although many protocol identification techniques exist, most of them are not suitable for identifying binary protocols. To address this issue, the paper proposes a novel protocol identification method that, in a single-protocol communication environment, classifies the traffic of one protocol into several types of messages. The method uses n-grams to segment the data frames and then extracts a set of keywords with an unsupervised feature selection algorithm. It then identifies the different types of messages with a clustering algorithm. Finally, the method was evaluated on ICMP. The results show that precision and recall can both reach more than 90%.
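The three stages named in the abstract (n-gram segmentation, unsupervised keyword selection, clustering) can be sketched as follows. This is an added example, not the authors' code: the positional 2-grams, the document-frequency thresholds and the Jaccard leader clustering are assumptions standing in for the algorithms the paper does not name here, and the ICMP-like frames are constructed with random filler for the checksum and payload bytes.

```python
import random
from collections import Counter

def make_frames(per_type=10, seed=1):
    """Constructed ICMP-like frames: type, code, 2 filler checksum bytes,
    4 header bytes, 8 payload bytes (not real captures)."""
    rng = random.Random(seed)
    rnd = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    frames = []
    # echo request (8/0), echo reply (0/0), host unreachable (3/1)
    for icmp_type, code in ((8, 0), (0, 0), (3, 1)):
        for _ in range(per_type):
            rest = bytes(4) if icmp_type == 3 else rnd(4)  # type 3: unused field is zero
            frames.append(bytes([icmp_type, code]) + rnd(2) + rest + rnd(8))
    return frames

def ngrams(frame, n=2):
    """Positional n-grams (offset, bytes); an assumption suited to fixed-layout binary fields."""
    return {(i, frame[i:i + n]) for i in range(len(frame) - n + 1)}

def select_keywords(frames, n=2, min_df=0.2, max_df=0.9):
    """Unsupervised selection (assumed criterion): keep n-grams frequent enough to be
    structure, but not present in nearly every frame."""
    df = Counter(g for f in frames for g in ngrams(f, n))
    lo, hi = min_df * len(frames), max_df * len(frames)
    return {g for g, c in df.items() if lo <= c <= hi}

def cluster(frames, keywords, n=2, threshold=0.5):
    """Leader clustering on the Jaccard similarity of each frame's keyword set."""
    clusters = []  # (representative keyword set, member frame indices)
    for idx, f in enumerate(frames):
        ks = ngrams(f, n) & keywords
        for rep, members in clusters:
            if ks and len(ks & rep) / len(ks | rep) >= threshold:
                members.append(idx)
                break
        else:
            clusters.append((ks, [idx]))
    return [members for _, members in clusters]

if __name__ == "__main__":
    frames = make_frames()
    kw = select_keywords(frames)
    for members in cluster(frames, kw):
        print("ICMP types in cluster:", sorted({frames[i][0] for i in members}), "size:", len(members))
```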

Key words: ZHENG Jie, LI Jian-ping (School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China)

