Bit-Stream-Oriented Link Protocol Identification and Analysis Techniques
Published: 2018-11-16 15:26
[Abstract]: In military and commercial communication environments, communications must be monitored for security reasons, and protocol identification is one of the principal means of doing so. Techniques for detecting higher-layer protocols are fairly mature, whereas research on protocol identification at the link layer is scarce. Yet fields such as wireless channel monitoring, electronic countermeasures and satellite communication have a real need for data-link-layer protocol identification and frame segmentation. One difficulty of link protocol identification and analysis is that the data under analysis is a bit stream, and the peculiarity of this character set severely limits the efficiency of identification and analysis. Many link-layer protocols exist today, and for most of them the frame format definition is not public, so how to segment the bit stream of an unknown data link layer into frames is a second difficulty. This thesis studies bit-stream-oriented link-layer protocol identification and analysis, concentrates on these two difficulties, and proposes a solution for each.

1) How to improve the efficiency of analyzing and identifying typical link-layer protocols. Analysis shows that the bottleneck is the pattern matching algorithm, because the classical algorithms are not suited to the bit-stream setting. For this setting, the thesis builds on the idea of the classical QS (quick search) algorithm, optimizes it for the characteristics of bit streams, and proposes an encoded QS algorithm. Experiments demonstrate the algorithm's effectiveness, and a comparison with other schemes shows its advantages.

2) How to extract frames when the link protocol format is completely unknown. The thesis proposes a bit-stream segmentation algorithm based on data mining. It first analyzes the structure of protocol frames and the correlation characteristics within frames in the data stream. Then, through frequency statistics and association-rule verification, it identifies and extracts the feature sequences that mark the start of a frame and the association-rule sequences. For a user-set threshold N on the number of results, it can output the N most probable segmentation schemes. Tests on real data verify the algorithm's effectiveness and robustness.
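[Degree-granting institution]: University of Science and Technology of China
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TN915.04
Article ID: 2335878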
Article link: https://www.wllwen.com/kejilunwen/wltx/2335878.html