
Unknown Bit-stream Protocol Classification Model with Zero-knowledge (cited by: 2)
Abstract: To address the problem of identifying unknown bit-stream protocols with zero knowledge, a protocol classification model is proposed. The model first uses the inherent features of the binary stream to calculate an approximate value K for the number of protocol types, together with the initial cluster centers. It then runs an improved K-Means clustering algorithm with the specified K and initial cluster centers. Finally, it evaluates the clustering results with an impurity evaluation method based on information entropy. Clusters with good evaluation results can be labeled as a protocol type and used for further analysis. Tests on the data set published by Lincoln Laboratory show that the model classifies unknown protocols with high accuracy, and that the information-entropy-based cluster evaluation method also has a degree of practical utility.
Authors: 张凤荔 (ZHANG Feng-li), 周洪川 (ZHOU Hong-chuan), 张俊娇 (ZHANG Jun-jiao), 刘渊 (LIU Yuan), 张春瑞 (ZHANG Chun-rui). Affiliations: School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China; Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China.
Source: 《计算机科学》 (Computer Science), CSCD, Peking University Core Journal, 2016, No. 8, pp. 39-44 (6 pages).
Funding: Supported by the NASF Foundation (U1230106), the Science and Technology Development Foundation of China Academy of Engineering Physics (2012A0403021), the Sichuan Province Science and Technology Program (2014GZ0109, 2015KZ002), and the National Natural Science Foundation (61472064).
Keywords: K-Means clustering; unknown protocol identification; K value calculation; evaluation of clustering results