摘要
目前常用的网络协议识别软件大多采用单一方法,且只能针对特定的网络数据包或数据流进行识别,自动化程度低,识别准确度不高。针对上述情况构建了一种新的协议识别系统,该系统将DPI深度包检测和DFI深度流检测相结合,对非加密的数据使用深度包检测方法,在特征字提取之后进行自动推理识别;对未知的加密数据则采用深度流检测方法,提取数据流特征之后使用支持向量机进行识别。测试数据表明,所构建的系统在保证准确率的情况下,不仅可以识别多层网络协议,而且提高了识别的自动化程度,从而为网络传输数据分析、状态监控、安全防护提供了新的技术手段。
Most commonly-used network protocol identification softwares use single method,can only identify the specific network data packet or data stream,and has low automation degree and identification accuracy.Therefore,a new protocol identification system is proposed,which is based on the combination of deep packet inspection(DPI) and deep flow inspection(DFI).The DPI method is used to perform the automatic reasoning for the unencrypted data after character word extraction.The DFI method is used to identify the unknown encrypted data with support vector machine(SVM)after data stream feature extraction.The test data shows that the constructed system can recognize the multi-layer network protocol and improve the recognition automatic degree while ensuring the accuracy,and provides a new technical means for network transmission data analysis,state monitoring and security protection.
出处
《现代电子技术》
北大核心
2018年第3期101-106,共6页
Modern Electronics Technique
