准确高效的应用层协议分析识别方法

A Suite of Precise and Efficient Analyzing Techniques for Application Protocols

本文对现行应用层协议分析方法进行总结概述,并介绍了一套全新的、模块化的、分为低、中、高、补等4个级别12大类的协议分析识别方法,可准确高效地将网络上的各种通讯数据分门别类,以便于随后进行网络流量监控与管理。尤其针对加密或伪装类数据包,可不经过解密等需要深入进行数据剖析或产生过多计算量的复杂途径而进行分析。即使是不能分析的未知流量,亦有相关特殊方法进行强制性或使用者控制的非强制性操作而将其纳入可控范围进行管理。最后给出了本方法在Linux平台上的实现,并对实验得到的数据进行了比较,给出了整套系统在真实应用环境中的分析效果。

The paper collects and summarizes the protocol analysis method used currently, and introduces a new suite of analyzing techniques which are divided into 4 levels and 12 sorts. We can assort the application data including the unrecog- nizable data running on the Internet into different kinds of protocols efficiently and precisely using these techniques. For those encrypted or masked packets, the techniques may finish the analysis task without decryption or any other complicated calculation. Onee they have been classified as protocols, network traffic control could be done easily.