Frame Location and Feature Analysis of Bitstream Protocols in a Wireless Environment
Published: 2018-07-14 07:57
[Abstract]: In modern network communication, the rapid development and wide deployment of wireless networking technology has made security requirements in wireless communication increasingly prominent. The transmission medium of a wireless network is radio waves, and this medium is inherently open, so data transmitted over the network is easily intercepted; at the same time, those stealing data can use unknown or unconventional protocols to transmit data for the purpose of attack. In network countermeasures, a listener who has intercepted the other party's physical signal cannot accurately cut frames out of the bitstream or parse the frame format, because the protocol and its format are unknown. Frame location and feature analysis of bitstream protocols in a wireless environment is also an important foundation for identifying and analyzing upper-layer unknown protocol data. However, most existing protocol feature analysis techniques focus on parsing upper-layer protocol formats; because the listener cannot directly obtain the protocol format of the other party's data, frame location and feature analysis in the bitstream is an important basis for further parsing of upper-layer data, and also a difficult problem. Building on an analysis and summary of frame location techniques and unknown-protocol feature analysis techniques at home and abroad, and on a study of related algorithms including multi-pattern matching, association rule mining, clustering and sequence alignment, this thesis proposes algorithms for frame location and feature analysis of bitstream protocols in a wireless network environment, and validates them in a series of experiments on data collected in a real environment. The main research work is as follows:

1. To address the limitations of existing frame location techniques at home and abroad, this thesis proposes a method that, without prior knowledge, identifies the frame synchronization code through frequent-string extraction and association-rule splicing, and thereby locates frames. The method uses an improved AC algorithm to count all pattern strings of length m; for performance reasons, it uses an association rule mining algorithm to splice frequent strings together and so discover the synchronization sequence in the bitstream; finally, it computes the Hamming distance to detect the positions where the synchronization code occurs in the bitstream data, which achieves frame location.

2. To further analyze protocol features in the set of completely segmented frames, the thesis proposes a feature analysis technique based on a clustering algorithm and an improved sequence alignment algorithm, using clustering to group the segmented frames by protocol format. It also proposes using an improved multiple sequence alignment algorithm together with a similarity threshold on corresponding sequence positions to extract the protocol feature sequences of each unknown protocol's frames, which identify the different protocol formats.

3. To verify the effectiveness and accuracy of the proposed algorithms, wireless network communication data collected in a real environment was used for validation experiments, and metrics such as screening accuracy, data recognition rate and false recognition rate were proposed to evaluate the results. Four typical clustering algorithms were used to cluster data of different frame formats; their performance was compared in terms of time consumption, resource consumption and accuracy, and the advantages and limitations of the four algorithms and their suitable scenarios in frame clustering were summarized.
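An added illustration of the frame-location idea in point 1 (not code from the thesis): it counts all length-m strings to pick a synchronization-code candidate, then uses Hamming distance to find frame starts even when one sync word carries a bit error. Assumptions: a sliding-window counter replaces the improved AC algorithm, the association-rule splicing step is skipped by setting m to the sync length, and the bitstream, sync word and function names are constructed for the example.

```python
from collections import Counter

def hamming(a, b):
    """Number of positions where two equal-length bit strings differ."""
    return sum(x != y for x, y in zip(a, b))

def frequent_strings(bits, m, top=1):
    """Count every length-m substring (plain Counter, not the thesis's AC variant)."""
    counts = Counter(bits[i:i + m] for i in range(len(bits) - m + 1))
    return counts.most_common(top)

def locate_frames(bits, sync, max_dist):
    """Offsets whose window is within max_dist bit errors of the sync code."""
    m, hits, i = len(sync), [], 0
    while i <= len(bits) - m:
        if hamming(bits[i:i + m], sync) <= max_dist:
            hits.append(i)
            i += m  # the next frame cannot start inside this sync word
        else:
            i += 1
    return hits

def cut_frames(bits, starts):
    """Slice the stream into frames at the located sync positions."""
    bounds = list(starts) + [len(bits)]
    return [bits[a:b] for a, b in zip(bounds, bounds[1:])]

# Constructed sample: four frames of 8-bit sync + 8-bit payload.
# The third frame's sync word has one flipped bit (simulated channel error).
SYNC = "01111110"
DAMAGED_SYNC = "01101110"
PAYLOADS = ["00101000", "10010001", "01000100", "00010010"]
STREAM = "".join(
    (DAMAGED_SYNC if n == 2 else SYNC) + p for n, p in enumerate(PAYLOADS)
)

def analyse(bits, m):
    """Pick the most frequent length-m string, then locate and cut frames."""
    candidate, count = frequent_strings(bits, m)[0]
    exact = locate_frames(bits, candidate, max_dist=0)
    tolerant = locate_frames(bits, candidate, max_dist=1)
    return candidate, count, exact, tolerant, cut_frames(bits, tolerant)

if __name__ == "__main__":
    cand, count, exact, tolerant, frames = analyse(STREAM, m=8)
    print("candidate sync:", cand, "seen", count, "times")
    print("exact match starts:   ", exact)     # misses the damaged frame
    print("distance <= 1 starts: ", tolerant)
    print("payloads:", [f[len(cand):] for f in frames])
```

The threshold is a trade-off: in this sample, raising `max_dist` to 2 already produces false frame starts (for example at offset 15, where payload bits run into the next sync word).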
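[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TN92
Article ID: 2120986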
Article link: https://www.wllwen.com/kejilunwen/wltx/2120986.html