改进的双重特征协议识别方法研究

Research on Improved Protocol Identification based on Twofold Characteristics

传统识别方法难以满足现实网络环境的实际需要。文章利用协议的端口和特征串双重特征进行识别,并且根据实际的网络统计所需要识别协议的真实流量,正确化简正则表达式来实现对协议识别的加速。结果证明,与L7-filter正则表达式识别方法比较,采用方法能有效降低资源消耗和匹配时间,提高识别率。

Traditional identification method is dif icult to meet the actual needs of the real network environment. This paper uses the port and the characteristics of the protocol for identification. Also it statistics the real flow according to the actual network need to be identified and simplified the regular expression to accelerate the identification. Results show that compared with L7-filter, the method can reduce resource consumption and matching time ef ectively and improve the recognition rate.