基于离散序列报文的协议格式特征自动提取算法

发布时间：2018-04-17 08:20

本文选题：离散序列报文 + 协议关键字提取　；参考：《计算机应用》2017年04期

【摘要】：针对缺少会话信息的离散序列报文,提出一种基于离散序列报文的协议格式(SPMbFSC)特征自动提取算法。SPMbFSC在对离散序列报文进行聚类的基础上,通过改进的频繁模式挖掘算法提取出协议关键字,进一步对协议关键字进行选择,筛选出协议格式特征。仿真结果表明,SPMbFSC在以单个报文为颗粒度的识别中对FTP、HTTP等六种协议的识别率均能达到95%以上,在以会话为颗粒度的识别中识别率可达90%。同等实验条件下性能优于自适应特征(AdapSig)提取方法。实验结果表明SPMbFSC不依赖会话数据的完整性,更符合实际应用中由于接收条件限制导致会话信息不完整的情形。
[Abstract]:In view of the lack of session information in discrete sequence packets, a protocol format named SPMbFSC based on discrete sequence packets is proposed. SPMbFSC is based on clustering discrete sequence packets.Through the improved frequent pattern mining algorithm, the protocol keywords are extracted, then the protocol keywords are selected, and the protocol format features are screened out.The simulation results show that SPMbFSC can recognize more than 95% of the six protocols, such as FTPU HTTP, in the recognition of single packet size, and the recognition rate can reach 90% in the case of session granularity recognition.Under the same experimental conditions, the performance is better than the adaptive characteristic Adapter Sigma extraction method.The experimental results show that SPMbFSC does not depend on the integrity of session data, and it is more suitable for the incomplete session information due to the limitation of reception conditions in practical applications.
【作者单位】：信息工程大学信息系统工程学院;
【分类号】：TP393.06

【相似文献】