摘要
针对缺少会话信息的离散序列报文,提出一种基于离散序列报文的协议格式(SPMbFSC)特征自动提取算法。SPMbFSC在对离散序列报文进行聚类的基础上,通过改进的频繁模式挖掘算法提取出协议关键字,进一步对协议关键字进行选择,筛选出协议格式特征。仿真结果表明,SPMbFSC在以单个报文为颗粒度的识别中对FTP、HTTP等六种协议的识别率均能达到95%以上,在以会话为颗粒度的识别中识别率可达90%。同等实验条件下性能优于自适应特征(AdapSig)提取方法。实验结果表明SPMbFSC不依赖会话数据的完整性,更符合实际应用中由于接收条件限制导致会话信息不完整的情形。
To deal with the discrete series protocol message without session information, a new Separate Protocol Message based Format Signature Construction(SPMbFSC) algorithm was proposed. First, separate protocol message was clustered,then the keywords of the protocol were extracted by improved frequent pattern mining algorithm. At last, the format signature was acquired by filtering and choosing the keywords. Simulation results show that SPMbFSC is quite accurate and reliable, the recognition rate of SPMbFSC for six protocols(DNS, FTP, HTTP, IMAP, POP3 and IMAP) achieves above 95% when using single message as identification unit, and the recognition rate achieves above 90% when using session as identification unit.SPMbFSC has better performance than Adaptive Application Signature(AdapSig) extraction algorithm under the same experimental conditions. Experimental results indicate that the proposed SPMbFSC does not depend on the integrity of session data, and it is more suitable for processing incomplete discrete seriesprotocol message due to the reception limitation.
出处
《计算机应用》
CSCD
北大核心
2017年第4期954-959,969,共7页
journal of Computer Applications
