无线网络环境下未知协议指纹特征识别与分析

发布时间：2018-06-27 20:27

本文选题：指纹特征 + Jaccard参数　；参考：《电子科技大学》2014年硕士论文

【摘要】：无线网络以其灵活性、移动性强等特点已经快速充斥了人们的日常生活,随之而来的无线网络安全需求也日渐增高。由于无线网络的安全问题受到更多的关注,无线网络的安全监管和优化势在必行。针对无线网络环境中,专有的、非公开协议的频繁使用,以及无线网络环境下通信的隐蔽性和无线网络协议的脆弱性等安全问题,本文基于协议逆向工程的基本思想,提出了无线网络环境下未知协议指纹特征识别与分析的方法,希望通过对无线网络环境中的通信协议进行识别分析,实现无线网络安全性检测,及时发现安全问题。在无线网络环境下实现未知协议识别,首先需要从无线比特流数据中完整的提取数据帧,其次需要在提取的数据帧中提取正确的协议特征信息,最后,恰当的描述提取的协议指纹特征也是非常关键的。针对这些关键问题,本文设计了基于前导码识别的数据帧切分、基于关键字的协议特征信息提取和基于有限自动机的指纹特征描述模型这三个解决方案,分别用于解决上述关键问题。在基于前导码识别的数据帧切分中,通过改进AC算法和频繁序列的位置拼接,生成前导码候选集来完成数据帧的切分。在基于关键字的协议特征信息提取中,特征关键字的生成是其中的关键技术,本文通过数据单元切分、Jaccard参数筛选和数据报重放来保证生成正确的特征关键字。在基于有限状态自动机的协议指纹特征描述模型中,协议特征描述模型和状态描述模型可以完整的、有序的将协议特征信息和状态信息组合成一个整体,可以包含协议的所有类型特征,保证协议的完全识别。为了验证未知协议指纹特征识别技术的正确性,本文定义了一系列评价指标,并制定了相应实验对识别技术的每一个步骤进行了验证和评估分析。通过评价实验可以看出,使用未知协议指纹特征描述模型识别协议可以达到100%的准确率和召回率,说明了本文提出的未知协议指纹特征识别技术可以正确的提取协议的指纹特征信息,并完成协议识别工作。
[Abstract]:Wireless network with its flexibility, strong mobility and other characteristics has rapidly flooded people's daily life, followed by a growing demand for wireless network security. As the security of wireless network is paid more attention, it is imperative to supervise and optimize the security of wireless network. In view of the frequent use of proprietary, non-public protocols in wireless network environment, the concealment of communication in wireless network environment and the vulnerability of wireless network protocols, this paper bases on the basic idea of protocol reverse engineering. In this paper, a method of fingerprint feature recognition and analysis of unknown protocols in wireless network environment is proposed. It is hoped that wireless network security detection can be realized by identifying and analyzing communication protocols in wireless network environment, and security problems can be found in time. In order to realize unknown protocol recognition in wireless network environment, first of all, we need to extract the complete data frame from the wireless bit stream data, secondly, we need to extract the correct protocol characteristic information from the extracted data frame. Proper description of extracted protocol fingerprint features is also critical. Aiming at these key problems, this paper designs three solutions: data frame segmentation based on preamble recognition, protocol feature information extraction based on keywords and fingerprint feature description model based on finite automata. They are used to solve the above key problems. In the data frame segmentation based on preamble recognition, by improving the AC algorithm and the position splicing of frequent sequences, the preamble candidate set is generated to complete the data frame segmentation. The generation of feature keywords is the key technology in feature information extraction based on keywords. In this paper, Jaccard parameter filtering and Datagram replay are used to ensure the generation of correct feature keywords. In the protocol fingerprint feature description model based on finite state automata, the protocol feature description model and the state description model can integrate the protocol feature information and the state information into a whole. Can include all types of characteristics of the protocol to ensure full recognition of the protocol. In order to verify the correctness of the fingerprint feature recognition technology of unknown protocols, a series of evaluation indexes are defined, and corresponding experiments are made to verify and evaluate each step of the technology. Through the evaluation experiment, we can see that the accuracy and recall rate can reach 100% by using the unknown protocol to describe the model recognition protocol. It is shown that the unknown protocol fingerprint feature recognition technology proposed in this paper can correctly extract the fingerprint feature information of the protocol and complete the protocol recognition work.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TN915.08;TP391.41

【参考文献】