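Research on Frame-Based Communication Protocol Identification Technology
Published: 2018-07-08 16:46
Topics: protocol identification + deep packet inspection; Source: University of Electronic Science and Technology of China, 2017 master's thesis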
[Abstract]: With the rapid development of information technology, the network has become a main tool for everyday communication, and obtaining information over the Internet has become more convenient and faster. With this, however, come increasingly serious information security problems such as Trojans and intrusions, and the integrity, security and confidentiality of computer networks face very great challenges. Traditional network security technologies such as firewalls and intrusion detection can solve part of the problem, but for requirements such as improving network quality of service and detecting traffic anomalies, analyzing and identifying the protocol type used by the traffic is the most basic requirement. Most network protocol identification software in common use today relies on a single method and can only identify specific network packets or data flows; its degree of automation is low and its identification accuracy is not high. To address this, this thesis builds a new protocol identification system that combines deep packet inspection with deep flow inspection. For unencrypted data it uses deep packet inspection, performing automatic inference-based identification after extracting packet features; for unknown encrypted data it uses deep flow inspection, classifying with a support vector machine after extracting flow features. The first part of the thesis introduces packet feature extraction techniques and builds a packet feature extraction system, which combines a multi-pattern matching algorithm with an association rule analysis algorithm to extract protocol feature strings and stores the results in a protocol feature library. For encrypted data, the packet contents are not visible to the user, so the thesis builds a flow feature extraction system and identifies the protocol of encrypted data from the extracted flow features. Once packet features and flow features have been extracted, protocols are identified by an inference-based identification system and a classification-based identification system. To this end, the third part of the thesis describes the collection and preprocessing of the training and test data used to build the system, then builds the packet-based protocol identification system with the Jena automatic reasoner and the flow-based protocol identification system with a support vector machine. Finally, the test data show that, while maintaining accuracy, the system can identify multi-layer network protocols and also raises the degree of automation of identification, providing a new technical means for network transmission data analysis, status monitoring and security protection.
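[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08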
Article ID: 2108075
Article link: http://sikaile.net/guanlilunwen/ydhl/2108075.html