| 基于特征串的应用层协议识别 |
| |
| 引用本文: | 陈亮,龚俭,徐选.基于特征串的应用层协议识别[J].计算机工程与应用,2006,42(24):16-19,86. |
| |
| 作者姓名: | 陈亮 龚俭 徐选 |
| |
| 作者单位: | 东南大学计算机系江苏省计算机网络技术重点实验室,南京,210096 |
| |
| 基金项目: | 国家研究发展基金;教育部科学技术基金;江苏省重点实验室基金 |
| |
| 摘 要: | 随着各种P2P协议的广泛应用以及逃避防火墙检测的需要,传统的基于常用端口识别应用层协议的方法已经出现问题。文章通过分析可用的文档和实际报文TRACE,分别为七种应用层协议找出其实际交互过程中必须出现且出现频率最高的固定字段,并将这些固定字段作为协议的特征串来识别这七种协议。实验结果表明,相较于端口方法,使用特征串方法识别这七种应用层协议具有更高的准确性,并且时间消耗的增长不会超过2%。
|
| 关 键 词: | 网络流量 应用层协议识别 特征串 |
| 文章编号: | 1002-8331-(2006)24-0016-04 |
| 收稿时间: | 2006-05 |
| 修稿时间: | 2006-05 |
Identification of Application-Level Protocols Using Characteristic |
| |
| Chen Liang,Gong Jian,Xu Xuan.Identification of Application-Level Protocols Using Characteristic[J].Computer Engineering and Applications,2006,42(24):16-19,86. |
| |
| Authors: | Chen Liang Gong Jian Xu Xuan |
| |
| Affiliation: | Jiangsu Province Key Laboratory of Computer Networking Technology,Department of Computer Science,Southeast University,Nanjing 210096 |
| |
| Abstract: | Along with the emergence of many P2P protocols and the need of circurhventing firewalls,traditional methods of application-level protocol identification such as using default server port become more and more inaccurate.The characteristic for each of seven application-level protocols is defined by analyzing some available documentations and packet-level traces in this paper.The characteristic of a protocol is a necessary part of actual communication,and it is more frequent to be used than any other necessary parts.These characteristics then are utilized to identify the seven protocols.The measurements show that the approach has higher accuracy than traditional port-based approach,and the time consumption increment do not exceed 2%. |
| |
| Keywords: | network traffic application-level protocol identification characteristic string |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
