A Feature Discovery Method Based on Byte-Frequency Statistics of the Protocol Header
Published: 2018-06-19 20:35
Topic: protocol identification + tokenization. Source: Computer Engineering, 2015, Issue 02
[Abstract]: Application protocol identification is very widely used in network security, and how to discover protocol features is its core problem. To this end, an efficient and accurate method for automatically discovering protocol features is proposed. Exploiting the format characteristics of the protocol itself, messages are tokenized and then classified according to their token sequences. The curve of the number of classes is used to roughly determine the protocol's header length, which fixes the range over which byte frequencies are counted. Byte frequencies are counted over the message header of every packet in a data flow and normalized to obtain a byte-frequency feature vector. Protocols are classified and identified by computing the cosine similarity between the protocol under test and the sample protocols. Experimental results show that identification using the features extracted by this method achieves an accuracy above 93.5%.
[Author affiliation]: State Key Laboratory of Mathematical Engineering and Advanced Computing;
[Funding]: National Natural Science Foundation of China (61309007); National "863" Program (2012AA012902)
[Classification number]: TP393.08
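The last two steps of the abstract (normalized byte-frequency vectors over packet headers, then cosine-similarity matching against sample protocols), as an added Python example that is not code from the paper. Assumptions: `HEADER_LEN` is fixed at 12 bytes rather than derived from the token-class curve, each protocol profile is the mean of its training vectors, the 0.5 cut-off for "unknown" is arbitrary, and all payloads are constructed samples.

```python
import math
from collections import Counter

HEADER_LEN = 12  # assumption: fixed here; the paper derives it from the token-class curve

def byte_freq_vector(flow, header_len=HEADER_LEN):
    """256-bin relative byte frequencies over the first header_len bytes of each packet."""
    counts = Counter()
    for payload in flow:
        counts.update(payload[:header_len])
    total = sum(counts.values())
    return [counts[b] / total if total else 0.0 for b in range(256)]

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    norm = math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v))
    return dot / norm if norm else 0.0

def train(samples):
    """One profile per protocol: the mean vector of its labelled flows (assumption)."""
    return {proto: [sum(col) / len(flows) for col in zip(*map(byte_freq_vector, flows))]
            for proto, flows in samples.items()}

def classify(flow, profiles, threshold=0.5):  # threshold is an assumed cut-off
    vec = byte_freq_vector(flow)
    scores = {proto: cosine(vec, prof) for proto, prof in profiles.items()}
    best = max(scores, key=scores.get)
    return (best, scores[best]) if scores[best] >= threshold else ("unknown", scores[best])

# Constructed sample payloads (not captured traffic).
DNS_Q = b"\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"   # query: flags + section counts
DNS_R1 = b"\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # response with one answer
DNS_R2 = b"\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"  # response with two answers
SAMPLES = {
    "http": [[b"GET /index.html HTTP/1.1\r\n", b"HTTP/1.1 200 OK\r\n"],
             [b"POST /api/v1/items HTTP/1.1\r\n", b"HTTP/1.1 404 Not Found\r\n"]],
    "dns": [[b"\x9a\xbc" + DNS_Q, b"\x9a\xbc" + DNS_R1],
            [b"\x17\xe2" + DNS_Q, b"\x17\xe2" + DNS_R2]],
}
PROFILES = train(SAMPLES)
HTTP_TEST = [b"PUT /upload HTTP/1.1\r\n", b"HTTP/1.1 201 Created\r\n"]
DNS_TEST = [b"\xc3\xd5" + DNS_Q, b"\xc3\xd5" + DNS_R1]

if __name__ == "__main__":
    for flow in (HTTP_TEST, DNS_TEST, [bytes(range(0xF0, 0xFC))], []):
        print(classify(flow, PROFILES))
```

A flow whose header bytes share nothing with any profile, or an empty flow, scores 0 and is reported as "unknown" instead of being forced into the nearest class.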
Article ID: 2041169
Article link: http://sikaile.net/guanlilunwen/ydhl/2041169.html