摘要
本文从数据包数量受限条件下的流量检测和基于Petri网的协议分析两个方面进行即时通讯流量的研究。通过互信息分析对比不同即时通讯流量数据包数为流量分类提供的信息量差别,利用统计学检验方法以及基于混淆矩阵的分类性能评价方法对机器学习分类器在不同包数下对即时通讯流量的分类的情况进行分析,得到各种机器学习分类器达到最佳分类状态时用于检测的包数量。基于Petri网对协议形式化的描述,将协议受到的攻击行为转化为网中插入的新元素,利用矩阵的运算完成协议攻击成功的可能性分析,使得协议安全性的分析有了形式化的方法,避免了人工分析的不确定性和局限性。本文设计并实现了一个即时通讯流量检测分析系统,通过数据包数选取、机器学习分类以及Petri网分析,实现包数受限下的即时通讯软件协议数据流识别分类及通讯的消息分析还原。
This paper studies the instant messenger traffic flow from two aspects:traffic detection under the condition of limited number of packets and protocol analysis based on Petri nets.Through mutual information analysis,the paper compares the amount of information provided by different packet numbers for traffic classification.Statistical test and performance evaluation based on confusion matrix are used to analyze the result of the classification for getting the best packet number for machine learning classifier.By using formal description of protocol based on Petri network,the paper transforms the attack behavior of the protocol into new elements inserted in the network to analyze the possibility of successful protocol attack by matrix operation.Therefore,this paper designs and implements an instant messenger traffic detection and analysis system,using selection of packet number,machine learning and Petri analysis for instant messenger flow classification and message restore.
作者
胡阳
余翔湛
李凯
HU Yang;YU Xiangzhan;LI Kai(School of Computer Science and Technology,Harbin Institute of Technology,Harbin 150001,China)
出处
《智能计算机与应用》
2019年第1期178-182,187,共6页
Intelligent Computer and Applications
