發(fā)布時(shí)間：2018-11-11 22:09

【摘要】：Internet的飛速發(fā)展,使得多種多樣的應(yīng)用層協(xié)議不斷涌現(xiàn),導(dǎo)致網(wǎng)絡(luò)變得更加復(fù)雜、更加多樣化和難以管理。攻擊方式和入侵手段也層出不窮,惡意的網(wǎng)絡(luò)攻擊對(duì)網(wǎng)絡(luò)服務(wù)和信息安全產(chǎn)生了嚴(yán)重的危害。應(yīng)用層協(xié)議的識(shí)別技術(shù)的提出、研究和發(fā)展,能夠較好的解決網(wǎng)絡(luò)流量實(shí)時(shí)識(shí)別和提取特征的問題�？紤]到安全性、靈活性等因素,很多的新應(yīng)用層協(xié)議不再選擇固定的端口號(hào)來傳輸數(shù)據(jù),而是比較青睞于動(dòng)態(tài)端口號(hào),并且很多協(xié)議不具有統(tǒng)一的標(biāo)準(zhǔn)和規(guī)范,因此沒法通過固定端口號(hào)來尋找到簡單快捷的統(tǒng)一分類規(guī)律�；诙丝谔�(hào)的分類對(duì)于使用動(dòng)態(tài)端口的應(yīng)用則不適用;基于負(fù)載的分類方法將會(huì)涉及到用戶隱私問題,時(shí)間代價(jià)高;正則表達(dá)式的提取主要通過人為分析某種應(yīng)用層協(xié)議的規(guī)范文檔來提取。在數(shù)據(jù)爆炸的今天,人為分析協(xié)議進(jìn)行特征提取變得日益困難。本文針對(duì)當(dāng)前應(yīng)用層協(xié)議識(shí)別的困難和提取遇到的問題,提出基于Hadoop的應(yīng)用層協(xié)議識(shí)別系統(tǒng)。利用并行處理海量數(shù)據(jù)的Hadoop來識(shí)別應(yīng)用層數(shù)據(jù)包,并且可以提取出應(yīng)用層數(shù)據(jù)包的特征串,實(shí)現(xiàn)了對(duì)應(yīng)用層數(shù)據(jù)包特征的準(zhǔn)確提取和識(shí)別。本文主要研究內(nèi)容如下:首先,研究現(xiàn)有的應(yīng)用層協(xié)議識(shí)別技術(shù)、Hadoop和Hbase的架構(gòu)和工作機(jī)制。其次,研究Apriori算法,并基于Hadoop對(duì)該算法進(jìn)行了改進(jìn),得到基于Hadoop的應(yīng)用層協(xié)議特征串提取算法--MapReduceApriori算法。改進(jìn)后的算法可較好地解決從非公開規(guī)范文檔的應(yīng)用層協(xié)議中提取特征困難的問題,以及新協(xié)議種類繁多人為提取特征日益困難的問題。最后,設(shè)計(jì)并實(shí)現(xiàn)了基于Hadoop的應(yīng)用層協(xié)議識(shí)別系統(tǒng),實(shí)驗(yàn)表明該系統(tǒng)能夠更高效準(zhǔn)確地識(shí)別出應(yīng)用層協(xié)議,并能夠較準(zhǔn)確的提取出未識(shí)別協(xié)議的特征串。
[Abstract]:With the rapid development of Internet, a variety of application layer protocols are emerging, which makes the network more complex, more diversified and more difficult to manage. Attacks and intrusion methods emerge in endlessly, malicious network attacks on network services and information security has caused serious harm. The application layer protocol identification technology is proposed, researched and developed, which can solve the problem of real-time network traffic recognition and feature extraction. Considering security, flexibility and other factors, many new application-layer protocols do not choose fixed port numbers to transmit data, but prefer dynamic port numbers, and many protocols do not have uniform standards and specifications. Therefore, it is impossible to find a simple and fast uniform classification rule by fixed port number. The classification based on port number is not applicable to the application of dynamic port, the load based classification method will involve user privacy problem, and the time cost will be high. The extraction of regular expressions is mainly done by analyzing the specification documents of a certain application layer protocol. In today's data explosion, it is becoming increasingly difficult to extract features from artificial analysis protocols. Aiming at the difficulties of current application layer protocol recognition and the problems encountered in extraction, this paper proposes an application layer protocol recognition system based on Hadoop. The application layer data packet can be identified by using the Hadoop which processes massive data in parallel, and the feature string of the application layer data packet can be extracted, and the accurate extraction and recognition of the application layer data packet feature can be realized. The main contents of this paper are as follows: firstly, the existing application layer protocol recognition technology, the architecture and working mechanism of Hadoop and Hbase are studied. Secondly, the Apriori algorithm is studied, and the algorithm is improved based on Hadoop, and the MapReduceApriori algorithm, which is based on Hadoop, is proposed to extract the feature string of the application layer protocol. The improved algorithm can solve the problem that it is difficult to extract features from the application layer protocols of non-public specification documents, and that the new protocols are becoming more and more difficult to extract features artificially. Finally, an application layer protocol recognition system based on Hadoop is designed and implemented. Experiments show that the system can recognize the application layer protocol more efficiently and accurately, and extract the feature string of the unrecognized protocol more accurately.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.04

【參考文獻(xiàn)】

相關(guān)期刊論文 前1條

1 劉秋菊;劉書倫;馮艷茹;;基于分類與特征匹配的應(yīng)用層協(xié)議識(shí)別方法[J];計(jì)算機(jī)工程與設(shè)計(jì);2012年07期

相關(guān)碩士學(xué)位論文 前2條

1 韓偉;基于Hadoop云計(jì)算平臺(tái)下DDoS攻擊防御研究[D];太原科技大學(xué);2011年

2 劉俊超;基于正則表達(dá)式的應(yīng)用層協(xié)議識(shí)別技術(shù)研究[D];國防科學(xué)技術(shù)大學(xué);2008年

，

本文編號(hào)：2326281