| 协议签名特征自动发现方法 |
| |
| 引用本文: | 路 林,罗军勇,刘 琰,李明涛.协议签名特征自动发现方法[J].信息工程大学学报,2012,13(5):610-614620. |
| |
| 作者姓名: | 路 林 罗军勇 刘 琰 李明涛 |
| |
| 作者单位: | 信息工程大学网络空间安全学院,河南郑州450001 |
| |
| 基金项目: | 国家部委基金资助项目(KZLOJP71032) |
| |
| 摘 要: | 数据包应用层固定位置频繁出现的字节组合是识别应用层协议的一种重要的签名特征(signature)。数据挖掘中经典的Apriori算法在提取协议签名特征时具有准确性高、覆盖面广等优势,但同时也存在候选集规模大、重复扫描数据库等问题。在运用深度包检测技术的基础上改进Apriori算法,有效降低计算复杂度,并能够自动发现一种由确定的字节值和字符类型组合而成的协议签名特征。实验表明,文章的方法产生的签名特征具有准确的协议区分能力,并且在协议版本更新情况下的适应能力强,同时具有较好的未知协议特征发现能力。
|
| 关 键 词: | 协议签名特征 频繁模式发现 Apriori算法 |
Automatic Discovery of Protocol Signatures |
| |
| LU Lin,LUO Jun yong,LIU Yan,LI Ming tao.Automatic Discovery of Protocol Signatures[J].Journal of Information Engineering University,2012,13(5):610-614620. |
| |
| Authors: | LU Lin LUO Jun yong LIU Yan LI Ming tao |
| |
| Affiliation: | (Institute of Cyberspaee Security, Information Engineering University, Zhengzhou 450001, China) |
| |
| Abstract: | The frequent combination of some bytes on fixed positions in data packets is an important kind of signature for application-layer protocol identification. The classic Apriori algorithm in data mining has good signature accuracy and coverage, but also has inherent defects such as large-scale candidate item sets and repeated database scanning. This paper improves the Apriori algorithm based on deep packets inspection. The improved algorithm can automatically look for frequent patterns which might be a combination of byte values and character types. The experiments show that the sig- natures generated by the new method are good for protocols recognition and this method can adapt to protocol version updating, and perform well in discovering features of unknown protocols. |
| |
| Keywords: | protocol signature frequent pattern mining Apriori algorithm |
| 本文献已被 CNKI 维普 等数据库收录! |
| 点击此处可从《信息工程大学学报》浏览原始摘要信息 |
|
点击此处可从《信息工程大学学报》下载全文 |
|
