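Research on Frame-Based Communication Protocol Identification Technology
Published: 2018-07-08 16:46
Topic of this thesis: protocol identification + deep packet inspection; Reference: University of Electronic Science and Technology of China, master's thesis, 2017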
[Abstract]: With the rapid development of information technology, the network has become the main tool for everyday communication, and obtaining information over the Internet has become more convenient and faster. With this have come increasingly serious information security problems, such as Trojans and intrusions, and the integrity, security and confidentiality of computer networks face very great challenges. Although traditional network security technologies such as firewalls and intrusion detection can solve part of the problem, for requirements such as improving network quality of service and detecting traffic anomalies, analyzing and identifying the protocol type used by the traffic is the most basic requirement. Most network protocol identification software in common use today relies on a single method and can identify only specific network packets or data flows; its degree of automation is low and its identification accuracy is not high. To address this, this thesis builds a new protocol identification system that combines deep packet inspection with deep flow inspection: for unencrypted data it uses deep packet inspection, performing automatic inference-based identification after extracting packet features; for unknown encrypted data it uses deep flow inspection, extracting flow features and then classifying them with a support vector machine. The first part of the thesis introduces packet feature extraction techniques and builds a packet feature extraction system, which combines a multi-pattern matching algorithm with an association rule analysis algorithm to extract protocol feature strings and stores the results in a protocol feature library. For encrypted data, the packet content is not visible to the user; for this reason, the thesis builds a data flow feature extraction system that identifies the protocol of encrypted data by extracting flow features. Once packet features and flow features have been extracted, protocols are identified by an inference-based identification system and a classification-based identification system. To this end, the third part of the thesis describes the collection and preprocessing of the training and test data used to build the system, then builds the packet-based protocol identification system with the Jena automatic reasoner and the flow-based protocol identification system with a support vector machine. Finally, test data show that, while maintaining accuracy, the system can not only identify multi-layer network protocols but also raises the degree of automation of identification, thereby providing new technical means for network traffic data analysis, status monitoring and security protection.
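[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08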
Article ID: 2108075
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2108075.html