蔡乐,石荣,许都

• 1:电子科技大学
• 2:电子信息控制重点实验室

摘要(Abstract)：

目前常用的网络协议识别软件大多采用单一方法,且只能针对特定的网络数据包或数据流进行识别,自动化程度低,识别准确度不高。针对上述情况构建了一种新的协议识别系统,该系统将DPI深度包检测和DFI深度流检测相结合,对非加密的数据使用深度包检测方法,在特征字提取之后进行自动推理识别;对未知的加密数据则采用深度流检测方法,提取数据流特征之后使用支持向量机进行识别。测试数据表明,所构建的系统在保证准确率的情况下,不仅可以识别多层网络协议,而且提高了识别的自动化程度,从而为网络传输数据分析、状态监控、安全防护提供了新的技术手段。

关键词(KeyWords)： 深度包检测;深度流检测;协议识别;自动推理;支持向量机;安全防护

Abstract:

Keywords:

基金项目(Foundation):

作者(Author): 蔡乐,石荣,许都

DOI: 10.16652/j.issn.1004-373x.2018.03.024

参考文献(References)：

• [1]WAGNER C.Protocol-independent adaptive replay of application dialog[C]//Proceedings of 2006 IEEE Network and Distributed System Security Symposium.San Diego:IEEE,2006:487-490.
• [2]PEI J,HAN J,MORTAZAVIASL B,et al.Prefix Span:mining sequential patterns efficiently by prefix-projected pattern growth[C]//Proceedings of 2001 International Conference on Data Engineering.[S.l.]:IEEE,2001:215-224.
• [3]LIU A X,MEINERS C R,NORIGE E,et al.High-speed application protocol parsing and extraction for deep flow inspection[J].IEEE journal on selected areas in communications,2014,32(10):1864-1880.
• [4]CHEN K.Research on ontology modeling using object-oriented technology[J].Computer engineering&applications,2005(2):77-82.
• [5]GóMEZ-PéREZ A,CORCHO O.Ontology specification languages for the semantic Web[J].IEEE computer society,2002,17(1):54-60.
• [6]LIU R T,HUANG N F,CHEN C H,et al.A fast stringmatching algorithm for network processor-based intrusion detection system[J].ACM transactions on embedded computing systems,2004,3(3):614-633.
• [7]COIT C J,STANIFORD S,MCALERNEY J.Towards faster string matching for intrusion detection or exceeding the speed of snort[C]//Proceedings of 2001 DARPA Information Survi-vability Conference and Exposition.[S.l.]:IEEE,2001:367-373.
• [8]KNUTH I H D E,MORRIS J H,PRATT V R.Fast pattern matching in strings[J].Journal De Radiologie Délectrologie Et De Médecine Nucléaire,1968,49(5):378-381.
• [9]KHABZAOUI M,DHAENENS C,TALBI E G.Fast algorithms for mining association rules[C]//Proceedings of the 20th International Conference on Very Large Databases.Santiago:IEEE,1994:619-624.
• [10]HAN J,PEI J,MORTAZAVI-ASL B,et al.Free Span:frequent pattern-projected sequential pattern mining[C]//Proceedings of the Sixth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.[S.l.]:IEEE,2000:355-359.
• [11]GUO D,LIAO G,BHUYAN L N,et al.A scalable multithreaded L7-filter design for multi-core servers[C]//Proceedings of 2008 ACM/IEEE Symposium on Architecture for Networking and Communications Systems.San Jose:ACM,2008:60-68.
• [12]JOACHIMS T.Making large-scale SVM learning practical[EB/OL].[1998-06-15].http://www.cs.cornell.edu/people/tj/publications/joachims_98c.pdf.
• [13]HAN J,PEI J,YIN Y,et al.Mining frequent patterns without candidate generation:a frequent-pattern tree approach[J].Data mining&knowledge discovery,2004,8(1):53-87.