
Binary Protocol Identification Based on Weighted Byte Entropy Vector Fingerprints (cited by: 6)

Binary protocol identification based on weighted byte entropy vector
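Abstract: Protocol identification is widely used in network security fields such as intrusion detection. Based on the characteristics of binary protocols, a protocol identification method based on weighted byte entropy vector fingerprints is proposed. For network flows of different protocol types, byte entropy vectors are used to describe the format attributes of their messages, and the vectors are clustered following the idea of local weighting, yielding the cluster centers and the byte entropy weight assignment of each cluster. From these, the weighted byte entropy vector fingerprint of each protocol is built, and protocols are identified by measuring the distance between fingerprints and setting distance thresholds. Experiments show that the method achieves an identification recall of more than 94% on common binary protocols and can discover protocols that did not appear in the training set.

English abstract: Protocol identification is applied in network security fields such as intrusion detection. According to the characteristics of binary protocols, this paper proposes a protocol identification method based on a weighted byte entropy vector fingerprint. It first extracts from the flow the byte entropy vector, which represents the attributes of the message format, and builds the weighted byte entropy vector fingerprint using a locally weighted K-means algorithm. Experiments show that the accuracy of the method in identifying common binary protocols reaches more than 94%, and that it can find unknown protocols that are not in the training sets.

Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2015, No. 2, pp. 493-497 (5 pages)

Funding: National "973" Program of China (2011CB311801); Henan Province Science and Technology Innovation Talent Program (114200510001)

Keywords: protocol identification; binary protocol; format attribute; local weighted cluster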