
Feature Discovering Method of Byte Frequency Statistics Based on Protocol Header (cited by: 2)
Abstract: Application protocol identification is very widely used in network security, and discovering protocol features is its core problem. This paper proposes an efficient and accurate method for discovering protocol features automatically. Using the format characteristics of the protocol itself, messages are tokenized and then classified according to their token sequences. The curve of the number of classes is used to roughly determine the length of the protocol header, which fixes the range over which byte frequencies are counted. The byte frequencies of the message header of every packet in the data stream are counted and normalized to give a byte-frequency feature vector. Protocols are classified and identified by computing the cosine similarity between the protocol under test and the sample protocols. Experimental results show that identification using the features extracted by this method reaches an accuracy above 93.5%.
Source: Computer Engineering (《计算机工程》), indexed in CAS, CSCD and the PKU Core list (北大核心); 2015, Issue 2, pp. 272-277 (6 pages)
Funding: National Natural Science Foundation of China (61309007); National "863" Program (2012AA012902)
Keywords: protocol identification; tokenization; byte frequency; feature vector; cosine similarity
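The last two steps of the abstract (normalized byte-frequency vector over the message header, then cosine similarity against sample protocols) can be sketched as follows. This is an added example, not the paper's code: `HEADER_LEN`, the `threshold` value and the sample payloads are assumptions constructed for illustration, and the tokenization step that the paper uses to estimate the header length is not implemented.

```python
import math
from collections import Counter

HEADER_LEN = 16  # assumption: the paper derives this from the token-class curve

def byte_freq_vector(packets, header_len=HEADER_LEN):
    """Normalized 256-dimensional byte-frequency vector over each packet's header."""
    counts = Counter()
    for payload in packets:
        counts.update(payload[:header_len])  # iterating bytes yields ints 0..255
    total = sum(counts.values())
    if total == 0:
        return [0.0] * 256
    return [counts.get(b, 0) / total for b in range(256)]

def cosine(u, v):
    """Cosine similarity; 0.0 when either vector is all zeros."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0

def identify(flow, profiles, threshold=0.5):
    """Return (label, score) of the closest sample protocol, or ("unknown", score)."""
    vec = byte_freq_vector(flow)
    label, score = max(((name, cosine(vec, prof)) for name, prof in profiles.items()),
                       key=lambda item: item[1])
    return (label, score) if score >= threshold else ("unknown", score)

DNS_HDR = "01000001000000000000"  # constructed: flags + counts of a standard query
# Constructed sample payloads (not taken from the paper's data set).
SAMPLES = {
    "http": [b"GET /index.html HTTP/1.1\r\nHost: a\r\n",
             b"POST /login HTTP/1.1\r\nHost: b\r\n",
             b"GET /img/logo.png HTTP/1.1\r\nHost: a\r\n"],
    "dns": [bytes.fromhex("1a2b" + DNS_HDR) + b"\x03www\x07example\x03com\x00",
            bytes.fromhex("7f30" + DNS_HDR) + b"\x04mail\x07example\x03org\x00",
            bytes.fromhex("c409" + DNS_HDR) + b"\x02ns\x07example\x03net\x00"],
}
PROFILES = {name: byte_freq_vector(pkts) for name, pkts in SAMPLES.items()}

if __name__ == "__main__":
    tests = {"http-like": [b"GET /about HTTP/1.1\r\nHost: c\r\n"],
             "dns-like": [bytes.fromhex("5e11" + DNS_HDR) + b"\x03api\x07example\x03com\x00"],
             "other": [bytes(range(0x80, 0x90))]}
    for name, flow in tests.items():
        print(name, identify(flow, PROFILES))
```

A flow whose header bytes share nothing with any sample profile scores 0 and is reported as unknown rather than forced into the nearest class.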