| 一种基于隐马尔可夫模型的协议识别技术 |
| |
| 引用本文: | 朱树永,张权,唐朝京. 一种基于隐马尔可夫模型的协议识别技术[J]. 现代电子技术, 2008, 31(24) |
| |
| 作者姓名: | 朱树永 张权 唐朝京 |
| |
| 作者单位: | 国防科学技术大学,电子科学与工程学院,湖南,长沙,410073 |
| |
| 摘 要: | 目前的协议识别技术主要是基于端口映射或静态报文特征匹配的。随着网络协议的发展,一些新的协议采用动态端口进行通信或不具有明显的静态报文特征,且部分协议采用了加密技术。这使得传统的识别技术准确率大幅下降。针对传统协议识别技术的局限性,这里提出一种基于隐马尔可夫模型(Hidden Markov Model,HMM)的协议识别技术。它是一种基于统计特性的识别方法,选用对于加密不敏感的特征如包的大小、达到时间等来实现协议的识别。实验结果证明,与传统识别技术相比,它能有效地提高协议识别的准确率,并能用于加密条件下的协议识别。
|
| 关 键 词: | 隐马尔可夫模型 协议识别 特征选择 Viterbi分类器 |
Technique of Protocol Identification Using Profile Hidden Markov Model |
| |
| ZHU Shuyong,ZHANG Quan,TANG Chaojing. Technique of Protocol Identification Using Profile Hidden Markov Model[J]. Modern Electronic Technique, 2008, 31(24) |
| |
| Authors: | ZHU Shuyong ZHANG Quan TANG Chaojing |
| |
| Abstract: | Recently,protocol identification techniques are mostly based on port mapping or static characters matching.With the development of network protocols,some new protocols use dynamic pots or messages without obvious static characters,or some protocols are encrypted.These make the accuracy with traditional identification techniques significantly reduced.Considering the limits of traditional techniques,this paper proposes a protocol identification technique using Profile Hidden Markov Model(HMM).It is based on statistic characteristics and selects those features that remain intact after encryption such as packet sizes,arrival times etc.Experiment results show that compared with traditional techniques,it can substantially increase recognition accuracy and can be applied in encrypted environment. |
| |
| Keywords: | hidden Markov model protocol identification feature selection Viterbi classifier |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
