摘要
为保障信息网络的安全,对网络协议帧进行合理的切分是准确掌握未知网络协议信息,挖掘协议特征,保证通信安全的重要步骤。在未知协议的识别与分析过程中,无法掌握所有网络通信协议规范,也难以准确获得数据特征,导致传统的网络协议帧切分方法面对大数据量时,在可行性与有效性方面存在较大的局限性。提出一种面向比特流的协议帧切分算法。详细分析了协议下比特流数据的特性;通过树结构存储统计比特流数据,并进行预挖掘以预测支持度和确定次数权值,进而判定获得频繁序列;运用位置差关联规则推断可能的帧头位置及帧长,从而实现协议帧的切分。通过对真实数据的仿真对提出的方法进行了验证,结果表明上述方法能够对未知协议进行准确帧长分段切分,使效率和准确度都有提高。
A network protocol frame segmentation method is presented based on bitstream. Through the storage of bitstream data with tree structure, the mining support is predicted in advance and the number of weights is determined, and then the frequent sequence is obtained. The frame head position and frame length are achieved by using association rule inference, and the segmentation of the frame agreement is realized. The proposed method is verified based on real data of simulation. Simulation results show that the proposed method has good efficiency and accuracy for unknown agreement word length and the piecewise segmentation.
出处
《计算机仿真》
CSCD
北大核心
2015年第1期318-321,共4页
Computer Simulation
基金
国家自然科学基金资助项目(61202490)
关键词
协议帧
比特流
树结构
频繁序列
关联规则
Protocol frame
Bit stream
Tree structure
Frequent sequence
Association rules
