摘要
未知协议消息序列的聚类分析是进行未知协议逆向分析的关键步骤。尽管过去有非常多的序列聚类研究工作,但由于缺少有效评估序列相似性的手段以及缺少对协议消息序列特征的考虑,导致协议消息序列聚类仍是一个困难的任务。因此,提出一种Seq Cluster新的序列聚类算法。Seq Cluster的关键点,在于其采用一种新颖的序列相似度计算方式来评估序列之间的相似性。该序列相似度计算方式能够更加准确地反应序列之间的相似程度。Seq Cluster序列聚类算法不仅可以被用于序列聚类,还可以被用于实现噪声序列过滤、自定义相似度序列集合筛选等功能。利用HTTP协议消息序列,展示该聚类算法的三种不同用法,并通过多种不同类型的协议消息序列,验证了该算法的有效性。
Clustering analysis of undocumented protocol sequences is a key step in reverse analysis of undocumented protocols. However, due to the lack of effective means for assessing the sequence similarity andof consideration on characteristics of the protocol message sequence, the protocol message sequence clustering still remains a difficult task. For this reason, SeqCluster an algorithm for precisely clustering sequences according to their structure similarity is proposed. The key property of SeqCluster is that the novel computational method is used to measure structural similarity of the sequences. The structural similarity evaluation mechanism could more accurately reflect the degree of similarity of between the sequences. The proposed clustering algorithm could be used both for sequence clustering and for noise sequence filtering, custom similarity sequence screening, etc. By using the HTTP protocol message sequence, the three different uses of the clustering algorithm are revealed. In addition, the effectiveness of the proposed algorithm is verified via protocol message sequences of muhiple different types.
出处
《通信技术》
2017年第2期277-286,共10页
Communications Technology
关键词
序列聚类
协议逆向
噪声序列过滤
序列相似度
sequence clustering
protocol reverse
noise sequence filtering
sequence similarity
