摘要
随着通信网络的发展,私有协议被广泛应用。缺乏必要先验知识时,现有面向已知协议的解析工具无法获取私有协议数据承载的信息。获取私有协议数据承载的信息的前提是正确实现协议格式特征提取与数据分类。基于协议格式一般规律,提出一种针对私有链路协议的未知帧格式特征逆向提取与分类算法。通过链路帧预编码、固定域挖掘从帧样本集合提取帧格式特征并计算特征向量,最后基于特征向量加权欧氏距离对链路帧分类。测试结果表明,该算法能够有效提取帧格式特征,正确实现链路帧的提取和分类。
With the rapid development of communication network, private protocol is widely adopted. Without necessary prior knowledge,the existing analyzing tools for the open protocols cannot be used for obtaining the information from the private protocol data. To get the information from the private protocol data,one has to extract the protocol format feature and classify the protocol data correctly. Based on the general rules of protocol format,a format feature reverse extracting and data classifying algorithm was proposed for unknown data link frame. By data link frame precoding and fixed-field mining,the frame format features can be extracted from the frame sample set and the feature vectors can be calculated. Finally,the data link frames are classified based on the weighted Euclidean distances between the feature vectors. The test results show that the proposed method can be used to extract the protocol format features effectively and to correctly classify the data link frames by using format features.
作者
薛开平
柳彬
李威
洪佩琳
XUE Kaiping;LIU Bin;LI Wei;HONG Peilin(Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230026, Chin)
出处
《中国科学院大学学报(中英文)》
CSCD
北大核心
2018年第4期521-528,共8页
Journal of University of Chinese Academy of Sciences
基金
国家自然科学基金(61379129)
中国科学院青年创新促进会人才基金(2016394)资助
关键词
私有协议
未知链路帧
格式特征
分类
private protocol
unknown data link frame
format feature
classification
