| 零知识下的比特流未知协议分类模型 |
| |
| 引用本文: | 张凤荔,周洪川,张俊娇,刘渊,张春瑞.零知识下的比特流未知协议分类模型[J].计算机科学,2016,43(8):39-44. |
| |
| 作者姓名: | 张凤荔 周洪川 张俊娇 刘渊 张春瑞 |
| |
| 作者单位: | 电子科技大学信息与软件工程学院 成都611731,电子科技大学信息与软件工程学院 成都611731,电子科技大学信息与软件工程学院 成都611731,中国工程物理研究院计算机应用研究所 绵阳621900,中国工程物理研究院计算机应用研究所 绵阳621900 |
| |
| 基金项目: | 本文受NASF基金资助 |
| |
| 摘 要: | 针对在零知识下识别比特流未知协议这一问题,提出了一种协议分类模型。该模型首先利用二进制流的固有特性来计算协议种类个数近似值K和初始聚类中心,然后使用改进的K-Means聚类算法指定K及初始聚类中心以进行聚类,最后使用基于信息熵的混杂度评价方法对聚类结果进行评价,可将评价结果较好的类簇作为一种协议类型进行标记,用于其他分析。使用林肯实验室发布的实验数据进行测试,结果表明该模型能以较高的准确率对未知协议进行分类,基于信息熵的类簇评价方法也具有一定实用性。
|
| 关 键 词: | K-Means聚类 未知协议识别 K值计算 聚类结果评估 |
| 收稿时间: | 7/2/2015 12:00:00 AM |
| 修稿时间: | 2015/10/18 0:00:00 |
Unknown Bit-stream Protocol Classification Model with Zero-knowledge |
| |
| ZHANG Feng-li,ZHOU Hong-chuan,ZHANG Jun-jiao,LIU Yuan and ZHANG Chun-rui.Unknown Bit-stream Protocol Classification Model with Zero-knowledge[J].Computer Science,2016,43(8):39-44. |
| |
| Authors: | ZHANG Feng-li ZHOU Hong-chuan ZHANG Jun-jiao LIU Yuan and ZHANG Chun-rui |
| |
| Affiliation: | School of Information and Software Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China,School of Information and Software Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China,School of Information and Software Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China,Institute of Computer Application,China Academy of Engineering Physics,Mianyang 621900,China and Institute of Computer Application,China Academy of Engineering Physics,Mianyang 621900,China |
| |
| Abstract: | To solve the difficult problem of unknown bit-stream protocol identification with zero knowledge,a protocol classification model was proposed.Firstly,this model calculates the approximation of parameter K and the initial cluster center using the inherent features of bit-stream,then uses the improved K-Means to cluster data set into different clusters by specifying the parameter K and the initial center,and finally evaluates the results of clustering by a hybrid evaluation method based on information entropy.The clusters with good evaluation results can be marked and used to study further.Testing data set published by the Lincoln laboratory shows that unknown bit-stream protocols can be classified with high accuracy by this model,and the evaluation method based on information entropy is also useful and effective. |
| |
| Keywords: | K-Means Unknown protocol identification K value calculation Evaluation of clustering results |
|
|
点击此处可从《计算机科学》下载全文 |
|
