基于协议首部的字节频率统计特征发现方法

发布时间：2018-06-19 20:35

本文选题：协议识别 + token化　；参考：《计算机工程》2015年02期

【摘要】：应用协议识别在网络安全领域具有极其广泛的应用,而如何发现协议特征是协议识别的核心问题。为此,提出一种高效准确的协议特征自动发现方法。利用协议自身的格式特点,将消息进行token化,并根据token序列对消息进行分类。由分类数的变化曲线大致判别协议的首部长度,从而确定字频统计的范围。对数据流中每个数据包的消息首部进行字节频率统计,并将字节频率进行归一化处理,得到字节频率特征向量。通过计算待测协议与样本协议的余弦相似度对协议进行分类和识别。实验结果表明,用该方法所提取的特征进行识别,准确率超过93.5%。
[Abstract]:Application protocol recognition has a wide range of applications in the field of network security, and how to find protocol features is the core problem of protocol recognition. Therefore, an efficient and accurate automatic protocol feature discovery method is proposed. Based on the format of the protocol, the message is token and classified according to the token sequence. The range of word frequency statistics is determined by judging the length of the first part of the protocol by the variation curve of classification number. The byte frequency of the first part of each packet in the data stream is counted, and the byte frequency is normalized to obtain the byte frequency eigenvector. The protocol is classified and recognized by calculating the cosine similarity between the protocol to be tested and the sample protocol. The experimental results show that the accuracy of the features extracted by this method is more than 93. 5%.
【作者单位】：数学工程与先进计算国家重点实验室;
【基金】：国家自然科学基金资助项目(61309007) 国家“863”计划基金资助项目(2012AA012902)
【分类号】：TP393.08

【共引文献】