| 基于最大似然概率的协议关键词长度确定方法 |
| |
| 引用本文: | 罗建桢,余顺争,蔡 君.基于最大似然概率的协议关键词长度确定方法[J].通信学报,2016,37(6):119-128. |
| |
| 作者姓名: | 罗建桢 余顺争 蔡 君 |
| |
| 作者单位: | 1. 广东技术师范学院电子与信息学院,广东 广州 510665;2. 中山大学电子与信息工程系,广东 广州 510006 |
| |
| 基金项目: | 国家自然科学基金资助项目(No.61571141, No.61272381);广东省自然科学基金资助项目(No.2014A030313637, No.2016A030311013);广东省教育厅特色创新项目(自然科学)基金资助项目(No.2014KTSCX149);广东省高校优秀青年教师基金资助资助项目(YQ2015105);广东省应用型科技研发专项基金资助项目(No.2015B010131017);广东省科技计划基金资助项目(No.2014A010101156);广东省教育厅省级重大基金资助项目(No.2014KZDXM060);广东省普通高校国际合作重大基金资助项目(No.2015KGJHZ021);广东省公益研究与能力建设专项基金资助项目(No.2014A010103032) |
| |
| 摘 要: | 提出非齐次左—右型级联隐马尔可夫模型,用于应用层网络协议报文建模,描述状态之间的转移规律和各状态的内部相位变化规律,刻画报文的字段跳转规律和字段内的马尔可夫性质,基于最大似然概率准则确定协议关键词的长度,推断协议关键词,自动重构协议的报文格式。实验结果表明,所提出方法能有效地识别出协议关键词和重构协议报文格式。
|
| 关 键 词: | 隐马尔可夫模型 协议逆向工程 网络安全 报文格式 |
Method for determining the lengths of protocol keywords based on maximum likelihood probability |
| |
| Jian-zhen LUO,Shun-zheng YU,Jun CAI.Method for determining the lengths of protocol keywords based on maximum likelihood probability[J].Journal on Communications,2016,37(6):119-128. |
| |
| Authors: | Jian-zhen LUO Shun-zheng YU Jun CAI |
| |
| Affiliation: | 1. School of Electronic and Information,Guangdong Polytechnic Normal University,Guangzhou 510665,China;2. School of Information Science and Technology,Sun Yat-Sen University,Guangzhou 510006,China |
| |
| Abstract: | A left-to-right inhomogeneous cascaded hidden Markov modelwas proposed and applied to model application protocol messages. The proposed modeldescribed the transition probabilities between states and the evolution rule of phases inside the states,revealed the transition feature ofmessage fields and the left-to-right Markov characteristicsinside the fields. The protocol keywords were inferred by selecting lengths with maximum likelihood probability, and then the message format was recovered. The experimental results demonstrated that the proposed method perform well in protocol keyword extraction and message format recovery. |
| |
| Keywords: | hidden Markov model protocol reverse engineering network security message format |
|
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
