【摘要】：在軍事及商用領(lǐng)域的通信環(huán)境中,出于安全的考慮需對(duì)通信進(jìn)行監(jiān)聽,協(xié)議識(shí)別是主要手段之一。在高層協(xié)議進(jìn)行檢測(cè)的技術(shù)較為成熟,而在鏈路層進(jìn)行協(xié)議識(shí)別的研究并不多見,然而在無線信道監(jiān)視、電子對(duì)抗、衛(wèi)星通信等領(lǐng)域,對(duì)數(shù)據(jù)鏈路層協(xié)議的識(shí)別、幀切割技術(shù)有切實(shí)的需求。鏈路協(xié)議識(shí)別與分析的一個(gè)難點(diǎn)在于其分析目標(biāo)數(shù)據(jù)是比特流,字符集的特殊性嚴(yán)重制約著識(shí)別分析的效率。目前存在著眾多的鏈路層協(xié)議,其中大多數(shù)協(xié)議的幀格式定義是非公開的,因此如何對(duì)未知數(shù)據(jù)鏈路層的比特流進(jìn)行幀切割是另一個(gè)難點(diǎn)問題。本文針對(duì)面向比特流的鏈路層協(xié)議識(shí)別與分析技術(shù)進(jìn)行研究,并對(duì)其中的上述兩個(gè)難點(diǎn)問題進(jìn)行重點(diǎn)研究,分別提出各自的解決方案。 1)如何提高典型鏈路層協(xié)議的分析識(shí)別效率問題。通過分析發(fā)現(xiàn),限制效率的瓶頸在于模式匹配算法,這是因?yàn)檫@些經(jīng)典算法不適應(yīng)比特流場(chǎng)景。針對(duì)本文的特殊場(chǎng)景,在經(jīng)典QS (quick search)算法的思想上,結(jié)合比特流的特點(diǎn)進(jìn)行優(yōu)化,提出了編碼QS算法。實(shí)驗(yàn)證明了本算法的有效性,并通過與其它方案的對(duì)比說明了本方案的優(yōu)勢(shì)之處。 2)如何在鏈路協(xié)議格式完全未知的情況下進(jìn)行幀提取的問題。本文提出了一種基于數(shù)據(jù)挖掘的比特流切割算法。首先分析了協(xié)議幀的結(jié)構(gòu)以及數(shù)據(jù)流中幀內(nèi)的關(guān)聯(lián)特性,然后通過頻繁統(tǒng)計(jì)和關(guān)聯(lián)規(guī)則驗(yàn)證,識(shí)別提取出標(biāo)志著幀起始的特征序列和關(guān)聯(lián)規(guī)則序列,針對(duì)用戶設(shè)定的結(jié)果數(shù)量門限N,能夠給出N種最具可能性的切割方案。實(shí)際數(shù)據(jù)測(cè)試驗(yàn)證了該算法的有效性和魯棒性。
[Abstract]:In the communication environment of military and commercial fields, it is necessary to monitor the communication for the sake of security, and protocol identification is one of the main methods. The technology of detecting high layer protocol is mature, but the research of protocol identification in link layer is rare. However, in the fields of wireless channel monitoring, electronic countermeasure, satellite communication, etc., the data link layer protocol is recognized. Frame cutting technology has practical requirements. The difficulty of link protocol identification and analysis is that the target data is bit stream, and the specificity of character set seriously restricts the efficiency of recognition and analysis. At present, there are many link layer protocols, most of which have non-public frame format definition, so how to cut the bitstream of unknown data link layer is another difficult problem. In this paper, the technology of link layer protocol identification and analysis for bit-stream is studied, and the two difficult problems mentioned above are emphatically studied, and their respective solutions are put forward. 1) how to improve the efficiency of analysis and identification of typical link layer protocols. It is found that the bottleneck of the efficiency is the pattern matching algorithm, which is because these classical algorithms are not suitable for the bitstream scene. Based on the idea of classical QS (quick search) algorithm and the characteristics of bit stream, a coding QS algorithm is proposed for the special scene in this paper. Experiments show that the algorithm is effective and its advantages are illustrated by comparison with other schemes. 2) how to extract frames when the format of link protocol is completely unknown. In this paper, a bit stream cutting algorithm based on data mining is proposed. Firstly, the structure of the protocol frame and the association characteristics in the frame are analyzed. Then, the feature sequence and the association rule sequence marking the start of the frame are extracted by frequent statistics and association rule verification. According to the threshold N of the number of results set by the user, the most probable cutting scheme can be given. The effectiveness and robustness of the algorithm are verified by real data test.
【學(xué)位授予單位】：中國科學(xué)技術(shù)大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TN915.04

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 賀培港;;一種新型的網(wǎng)絡(luò)協(xié)議分析模型[J];電腦與電信;2011年02期

2 姚秀娟;李雪;;CCSDS空間鏈路層協(xié)議識(shí)別技術(shù)研究[J];航天電子對(duì)抗;2012年02期

3 王永成,沈州,許一震;改進(jìn)的多模式匹配算法[J];計(jì)算機(jī)研究與發(fā)展;2002年01期

4 唐謙,張大方;入侵檢測(cè)中模式匹配算法的性能分析[J];計(jì)算機(jī)工程與應(yīng)用;2005年17期

5 李雄偉;王希武;王盼卿;;基于模式串匹配的Ethernet協(xié)議識(shí)別算法研究[J];計(jì)算機(jī)工程與應(yīng)用;2007年29期

6 陳亮;龔儉;徐選;;應(yīng)用層協(xié)議識(shí)別算法綜述[J];計(jì)算機(jī)科學(xué);2007年07期

7 楊武,方濱興,云曉春,張宏莉;入侵檢測(cè)系統(tǒng)中高效模式匹配算法的研究[J];計(jì)算機(jī)工程;2004年13期

8 宋疆;張春瑞;張楠;李芬;吳艷梅;;基于數(shù)據(jù)報(bào)指紋關(guān)系的未知協(xié)議識(shí)別與發(fā)現(xiàn)[J];計(jì)算機(jī)應(yīng)用研究;2012年12期

9 許家銘;李曉東;金鍵;馬盈;;一種高效的多模式字符串匹配算法[J];計(jì)算機(jī)工程;2014年03期

10 巫喜紅;;改進(jìn)的QS模式匹配算法的性能分析[J];計(jì)算機(jī)工程與應(yīng)用;2014年02期

，

本文編號(hào)：2335878