
Application-Layer Protocol Identification Based on Characteristic Strings (cited by: 43)

Identification of Application-Level Protocols Using Characteristic
Abstract: With the widespread use of P2P protocols and the need to circumvent firewall inspection, the traditional method of identifying application-level protocols by their well-known ports has become increasingly inaccurate. By analyzing the available documentation and actual packet-level traces, this paper defines a characteristic string for each of seven application-level protocols: a fixed field that must appear in the protocol's actual exchange and that occurs more frequently than any other such field. These characteristic strings are then used to identify the seven protocols. The experimental results show that, compared with the port-based method, the characteristic-string method identifies these seven protocols with higher accuracy, and the increase in time consumption does not exceed 2%.
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, Peking University Core Journal; 2006, No. 24, pp. 16-19, 86 (5 pages)
Funding: National 973 Key Basic Research Development Program (No. 2003CB314804); Key Science and Technology Research Project of the Ministry of Education (No. 105084); Jiangsu Provincial Key Laboratory of Network and Information Security (No. BM2003201)
Keywords: network traffic, application-level protocol identification, characteristic string
