Application Research of Computers (《计算机应用研究》)

Title: 面向比特流数据的未知协议关联分析与识别 (Association analysis and identification of unknown protocols in bitstream data)

English title: Protocol identification association analysis in mobile network environment

Authors: WANG Yong, WU Yan-mei, LI Fen, ZHANG Nan (王勇, 吴艳梅, 李芬, 张楠)
Affiliations: 1. School of Computer Science & Engineering, University of Electronic Science & Technology of China, Chengdu 610054, China; 2. Institute of Computer Application, China Academy of Engineering Physics, Mianyang, Sichuan 621900, China
Article number: 1001-3695(2015)01-0243-06
DOI: 10.3969/j.issn.1001-3695.2015.01.056
Abstract: Targeting the characteristics of bitstream data in mobile wireless networks, this paper proposes a method that uses association rules to identify unknown protocols in a specific environment. The method improves on traditional protocol identification techniques, such as matching on port numbers or on known fixed features of a protocol, and avoids their limitations. Bitstream data transmitted in the wireless environment is captured, features are extracted from it with a machine-learning mechanism, and association rules are mined over those features to identify and mark the unknown protocol; the marked features serve as the protocol's fingerprint, so that unknown protocols in the specific environment can be discovered, analysed and identified. The method is finally evaluated on two protocols: the average recognition rate is above 99%, and the average false-identification rate is below 0.6%.
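The pipeline the abstract sketches, capture frames, turn fixed-offset header bytes into features, mine association rules over them, and keep a strongly bound set of fields as the protocol's fingerprint, can be illustrated with a small Apriori implementation. The following Python is an added example written for this page and is not the authors' code: the paper's actual feature extraction and rule-mining details are not on this page, so the two frame layouts, the 4-byte feature window, the support and confidence thresholds and every function name are assumptions, and the capture is constructed rather than real traffic.

```python
"""Added example for this page, not the authors' code: Apriori association-rule
mining over fixed-offset header bytes to derive and apply protocol fingerprints.
Frame layouts, the 4-byte feature window, thresholds and names are assumptions."""
from collections import Counter
from itertools import combinations

HEADER_BYTES = 4  # assumed feature window: (offset, value) of the first 4 bytes

def frame_items(frame):
    """One frame -> one transaction: the set of (offset, byte value) items."""
    return frozenset(enumerate(frame[:HEADER_BYTES]))

def make_capture(n, start=0):
    """Constructed capture (not real traffic) of two hypothetical protocols:
    'A' = AA 55 01 <flags> ..., 'B' = DE AD <seq> <type 0x10|0x20> ...
    Varying fields derive from the frame index, so the data is deterministic."""
    frames = []
    for i in range(start, start + n):
        payload = bytes((i * 37 + k) & 0xFF for k in range(6))
        if i % 2 == 0:
            frames.append(("A", bytes([0xAA, 0x55, 0x01, i & 0xFF]) + payload))
        else:
            kind = 0x10 if (i // 2) % 2 else 0x20
            frames.append(("B", bytes([0xDE, 0xAD, i & 0xFF, kind]) + payload))
    return frames

def frequent_itemsets(transactions, min_support, max_len=HEADER_BYTES):
    """Apriori: {itemset: support} for every itemset with support >= min_support."""
    n = len(transactions)
    counts = Counter(item for t in transactions for item in t)
    level = {frozenset([it]) for it, c in counts.items() if c / n >= min_support}
    support = {s: counts[next(iter(s))] / n for s in level}
    k = 1
    while level and k < max_len:
        # join: (k+1)-candidates from pairs of frequent k-itemsets, then prune
        # every candidate that has a k-subset which is not itself frequent
        candidates = {a | b for a in level for b in level if len(a | b) == k + 1}
        candidates = {c for c in candidates
                      if all(frozenset(s) in level for s in combinations(c, k))}
        counts = Counter(c for t in transactions for c in candidates if c <= t)
        level = {c for c in candidates if counts[c] / n >= min_support}
        support.update({c: counts[c] / n for c in level})
        k += 1
    return support

def association_rules(support, min_conf):
    """Rules X -> Y over frequent itemsets, keeping confidence >= min_conf."""
    rules = []
    for itemset, sup in support.items():
        for r in range(1, len(itemset)):
            for x in map(frozenset, combinations(itemset, r)):
                conf = sup / support[x]
                if conf >= min_conf:
                    rules.append((x, itemset - x, sup, conf))
    return rules

def fingerprints(support, min_conf=0.9):
    """Maximal frequent itemsets whose every single field implies the rest with
    confidence >= min_conf: header fields that (almost) always travel together."""
    rules = {(x, y) for x, y, _, _ in association_rules(support, min_conf)}
    maximal = [s for s in support if len(s) >= 2 and not any(s < o for o in support)]
    return [s for s in maximal if all((frozenset([f]), s - {f}) in rules for f in s)]

def identify(frame, fps):
    """Return the first fingerprint fully present in the frame header, else None."""
    items = frame_items(frame)
    return next((fp for fp in fps if fp <= items), None)

def name_fingerprints(fps, labelled_frames):
    """Majority ground-truth label per discovered fingerprint (the constructed
    capture is labelled; a real unknown protocol would just get a new name)."""
    votes = {fp: Counter() for fp in fps}
    for label, frame in labelled_frames:
        fp = identify(frame, fps)
        if fp is not None:
            votes[fp][label] += 1
    return {fp: c.most_common(1)[0][0] for fp, c in votes.items() if c}

def evaluate(fps, label_of, labelled_frames):
    """Per label: (recognition rate, false-identification rate)."""
    n, hit, wrong = Counter(), Counter(), Counter()
    for label, frame in labelled_frames:
        got = label_of.get(identify(frame, fps))
        n[label] += 1
        hit[label] += int(got == label)
        wrong[label] += int(got is not None and got != label)
    return {lab: (hit[lab] / n[lab], wrong[lab] / n[lab]) for lab in n}

def run():
    train = make_capture(200)             # "captured" bitstream, mined blind
    test = make_capture(100, start=1000)  # held-out frames for evaluation
    support = frequent_itemsets([frame_items(f) for _, f in train], min_support=0.3)
    fps = fingerprints(support)
    label_of = name_fingerprints(fps, train)
    return fps, label_of, evaluate(fps, label_of, test)
```

On this noise-free constructed capture every held-out frame is identified and none is mis-identified, which is what a clean sample gives; real captures are noisier. The example already shows the main source of noise: a varying field can coincidentally take a constant field's value (the sequence byte of one 'B' frame equals 0x01, so the rule (2,0x01) -> {(0,0xAA),(1,0x55)} has confidence 0.99 rather than 1.0), which is why the fingerprint check uses a confidence threshold below 1.0 instead of demanding exact co-occurrence, and why the reported rates in the abstract are averages rather than 100% and 0%.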
Keywords: protocol identification; association rules; fingerprint features; bitstream
Funding: Science and Technology Development Fund of the China Academy of Engineering Physics (2012A0403021)
NSAF Joint Fund (U1230106)
National Information Security Development Program (2013F098)
URL: http://www.arocmag.com/article/01-2015-01-056.html
Received: 2013-11-28
Revised: 2014-01-06
Pages: 243-248
CLC number: TP393
Document code: A