
An Entropy-Estimation-Based Method for Identifying Ciphertext Fields of Security Protocols (cited by: 5)

Protocol Ciphertext Field Identification by Entropy Estimating
Abstract (translated from the Chinese): Existing protocol analysis methods based on network packet trace information consider only the plaintext information in packet payloads and are not applicable to security protocols that contain large amounts of ciphertext. To fully exploit the ciphertext data features of security protocols with unknown specifications, and in view of the fact that security protocol messages mix plaintext with ciphertext and that the position of the ciphertext varies, this paper proposes CFIA (Ciphertext Field Identification Approach), a method for identifying the ciphertext fields of security protocols based on entropy estimation. Building on the mining of keyword sequences, it uses byte sample entropy to describe the distribution of bytes in a network flow; relying on the randomness of ciphertext, it pre-locates the interval occupied by the ciphertext field by entropy estimation, then searches for the ciphertext length field, locates the boundaries of the ciphertext field and thereby identifies it. Experimental results show that the method can effectively identify protocol ciphertext fields using network trace information alone, with high accuracy.

English abstract (as published): Previous network-trace-based methods only consider the plaintext format of payload data, and are not suitable for security protocols which include a large number of ciphertext data; therefore, a novel approach named CFIA (Ciphertext Field Identification Approach) is proposed based on entropy estimation for unknown security protocols. On the basis of keyword sequence extraction, CFIA utilizes byte sample entropy and entropy estimation to pre-locate the ciphertext field, and further searches the ciphertext length field to identify the ciphertext field. The experimental results show that without using dynamic binary analysis, the proposed method can effectively identify ciphertext fields purely from network traces, and the inferred formats are highly accurate in identifying the protocols.
Source: Journal of Electronics & Information Technology (电子与信息学报), indexed in EI and CSCD, Peking University core journal; 2016, No. 8, pp. 1865-1871 (7 pages)
Funding: National Natural Science Foundation of China (61309018)
Keywords: unknown security protocol; protocol format; ciphertext field; entropy estimation
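As an added illustration (not code from the paper or its authors), the pre-location and length-field steps sketched in the abstract, in Python: byte sample entropy is computed per offset across a set of messages of one type, the longest run of high-entropy offsets is taken as the candidate ciphertext region, and the header before it is searched for an integer field that equals the ciphertext length in every message. The message format, the entropy threshold ratio and the sample flow are assumptions constructed here; the keyword-sequence mining step of the paper is not reproduced.

```python
import math
import random
from collections import Counter

def sample_entropy(samples):
    """Shannon entropy in bits of the byte values seen at one offset across messages."""
    n = len(samples)
    return -sum(c / n * math.log2(c / n) for c in Counter(samples).values())

def prelocate_ciphertext(msgs, ratio=0.8):
    """Byte sample entropy per offset over the offsets all messages share; offsets with
    entropy >= ratio * log2(N) (log2(N) is the ceiling for N random samples) are
    candidates. Returns the longest run as (start, end), or None."""
    n, min_len = len(msgs), min(len(m) for m in msgs)
    high = [sample_entropy([m[i] for m in msgs]) >= ratio * math.log2(n)
            for i in range(min_len)]
    best = start = None
    for i, h in enumerate(high + [False]):  # sentinel closes a trailing run
        if h and start is None:
            start = i
        elif not h and start is not None:
            if best is None or i - start > best[1] - best[0]:
                best = (start, i)
            start = None
    return best

def find_length_field(msgs, ct_start):
    """Search the header before ct_start for a 1- or 2-byte integer that equals the
    ciphertext length (bytes from ct_start to the end) in every message.
    Returns (offset, width, byteorder) or None."""
    for pos in range(ct_start):
        for width in (1, 2):
            if pos + width > ct_start:
                continue
            for order in ("big", "little"):
                if all(int.from_bytes(m[pos:pos + width], order) == len(m) - ct_start
                       for m in msgs):
                    return (pos, width, order)
    return None

def make_messages(n=64, seed=7):
    """Constructed sample flow (hypothetical format): 'AUTH ' keyword, one version
    byte, 2-byte big-endian ciphertext length, then 32..47 pseudo-random bytes."""
    rng = random.Random(seed)
    msgs = []
    for _ in range(n):
        length = rng.randrange(32, 48)
        ciphertext = bytes(rng.getrandbits(8) for _ in range(length))
        msgs.append(b"AUTH \x01" + length.to_bytes(2, "big") + ciphertext)
    return msgs
```

On the constructed flow the keyword and version offsets score 0 bits, the length byte stays below the threshold, and the region starts at offset 8 with the length field found at offset 6 (2 bytes, big-endian).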