
Protocol Identification Based on Hidden Markov Model

Cited by: 4
Abstract: With the rapid development of networks and the growing complexity of protocols, the identification rate of traditional application-layer protocol identification algorithms based on port numbers and signature strings has dropped markedly. Pattern-recognition methods based on the statistical characteristics of protocols have emerged in response. This paper proposes a protocol identification technique based on the Hidden Markov Model (HMM). Its feature vector is built from external packet properties such as packet size, packet inter-arrival time, and packet transfer direction, which avoids parsing the actual packet contents. Incremental learning is introduced to enable active learning of unknown protocols. Experimental results show that the algorithm also performs well on application-layer protocols whose control messages and data messages are both encrypted, with an identification rate above 90%.
Source: Journal of Information Engineering University (《信息工程大学学报》), 2011, No. 5, pp. 596-600 (5 pages)
Funding: National Natural Science Foundation of China (60872043); National 863 Program (2009AA01Z207)
Keywords: Hidden Markov Model; protocol identification; feature extraction; incremental learning
About the author: He Zhongyang (何中阳) (born 1985), male, master's student; main research interest: network protocol analysis.