CN106878307B - A kind of unknown communication protocol recognition method based on bit error rate model - Google Patents
- Publication number: CN106878307B
- Application number: CN201710093147.3A
- Authority: CN (China)
- Prior art keywords: data, protocol, character string, string, frame
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L69/06: Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
- G06F16/24564: Applying rules; Deductive queries
- G06F16/90344: Query processing by using string matching techniques
Abstract
The invention discloses an unknown communication protocol recognition method based on a bit error rate model. By combining a multi-pattern matching algorithm with an association rule analysis algorithm, the protocol feature strings of known protocols are extracted and a protocol feature library is constructed. Then, when identifying the protocol type used by the data to be identified, the maximum number of errored bits allowed for that data is calculated, and the feature strings of the data are extracted with a fuzzy matching algorithm within that errored-bit range. Finally, the protocol type used by the data to be identified is obtained by automated reasoning. The method therefore improves the data recognition rate and gives good recognition results for data containing bit errors.
Description
Technical field
The invention belongs to the field of computer network security technology and, more specifically, relates to an unknown communication protocol recognition method based on a bit error rate model.
Background technique
With the rapid development of communication technology, network communication has become the main way people exchange information in daily life, and with it come increasingly serious network information security problems. Traditional network security technology can solve only part of these problems, and accurately identifying the protocol used by communication data is important for overcoming the shortcomings of traditional network security technology; it is the premise and basis for research on differentiated services, intrusion detection, traffic monitoring, and user behavior analysis. Network protocol identification technology has developed rapidly and is widely applied; it mainly comprises identification based on ports, on flow features, and on payload behavior. Identification based on well-known port numbers mainly targets application-layer protocols: it identifies a protocol by the port number that the application-layer protocol has registered with IANA. Flow-feature-based detection is essentially a packet classification algorithm based on statistical attributes; it distinguishes protocols by the differences in data flow attributes that result from differences in protocol specifications. Payload-based protocol identification identifies the protocol from features of the data.
In the traditional protocol identification techniques above, protocol features are usually extracted with exact identification methods such as multi-pattern matching, and the protocol of the data is then identified from the extracted features. In actual data transmission, however, frame errors are common. In wireless communication, for example, the following may cause frame errors: 1. the received signal is very weak; 2. pilot pollution; 3. handover between cells; 4. handover cannot be completed within the handover region. The fourth case in particular causes serious frame errors. The frame error rate currently required is typically less than or equal to 1%, where 1%~2% indicates good speech quality, 2%~3% indicates average speech quality, 3%~5% indicates poor speech quality, and 5%~10% indicates very poor speech quality; the probability of frame errors occurring during communication is therefore high. In addition, Ethernet and 802.3 limit the maximum length of a data frame to 1500 and 1492 bytes respectively, and protocol feature strings are generally between 1 and 6 bytes long. Taking the shortest feature string with the minimum frame error rate, and the longest feature string with the maximum frame error rate, the feature string error rate is calculated to lie between 0.00667‰ and 0.4‰. That is, in the worst case there is a 0.4‰ probability that a data frame cannot be identified and is discarded. For national defense security and military confrontation in particular, this precision is far from sufficient.
Based on the above analysis, when a bit error falls exactly within the protocol feature string carried by the data, exact identification systems based on multi-pattern matching and similar methods often cannot identify the data, so the errored data is left unprocessed and discarded, which lowers the data recognition rate.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art and provide an unknown communication protocol recognition method based on a bit error rate model. Under normal error conditions, fuzzy feature extraction is performed on frames containing bit errors, and frames within the maximum errored-bit range still undergo unknown communication protocol identification, which improves the data recognition rate and achieves a better recognition result.
To achieve the above object, the unknown communication protocol recognition method based on a bit error rate model of the present invention is characterized by comprising the following steps:
(1) Data acquisition and preprocessing
Capture the communication data in the network with a network packet capture tool, store the communication data according to frame format, and process each frame as binary. Finally, use the processed known-protocol communication data as training data and the unknown-protocol communication data as the data to be identified;
(2) Perform feature extraction on the training data to obtain the protocol feature library
(2.1) Extract the frequent set using a pattern matching algorithm
According to the lengths allowed for existing network protocol feature strings, exhaustively enumerate all binary strings of 1~6 bytes, denoted {p1, p2, p3, ..., pm}, where pm denotes the m-th binary string, and use all enumerated binary strings as pattern strings;
Extract each frame in the training data to form the target strings {t1, t2, t3, ..., tn}, where tn denotes the n-th frame;
Take {p1, p2, p3, ..., pm} and {t1, t2, t3, ..., tn} as input to the pattern matching algorithm, perform matching, and record each successfully matched pattern string and its position in the target string. Finally, count the number of frames in which the same pattern string appears at the same position, define the pattern strings whose frame proportion is greater than M% as frequent strings of this protocol, and form all frequent strings into the frequent set {f1, f2, f3, ..., fK}, where fK denotes the K-th frequent string;
(2.2) Extract protocol features using an association rule analysis algorithm
Take the frequent set {f1, f2, f3, ..., fK} and the positions at which the frequent strings occur in each frame as input to the association rule analysis algorithm, which performs association rule analysis on the frequent strings to obtain associated strings. Then count the number of occurrences and the positions of the associated strings, and take the associated strings whose occurrence proportion is greater than M% as recognition rules. Finally, store the frequent strings {f1, f2, f3, ..., fk} in the recognition rules into the protocol feature library, where fk denotes the k-th (k ≤ K) frequent string;
(3) Obtain the fuzzy feature set using a fuzzy matching algorithm
(3.1) Calculate the maximum number of errored bits allowed for the data to be identified
Where L1 denotes the length of the longest allowed feature string, L2 denotes the frame length of the data frame to be identified, and FER denotes the frame error rate of the data to be identified;
(3.2) According to the protocol feature library, extract all fuzzy feature strings within the maximum errored-bit range using the fuzzy matching algorithm
Take the data to be identified, the frequent strings {f1, f2, f3, ..., fk}, and the maximum number of errored bits allowed for the data to be identified as input to the fuzzy matching algorithm, perform matching, record each successfully matched fuzzy feature string and its position in the data frame to be identified, and store them in the fuzzy feature set;
(4) Identify the protocol type of the frame using the Jena automatic reasoner
First build an inference rule library, then take the fuzzy feature strings in the fuzzy feature set and the inference rule library as input to the Jena automatic reasoner and perform inference to obtain the protocol type corresponding to each group of fuzzy feature strings, which is the protocol type of the frame.
The object of the invention is achieved as follows:
The unknown communication protocol recognition method based on a bit error rate model of the present invention combines a multi-pattern matching algorithm with an association rule analysis algorithm to extract the protocol feature strings of known protocols and construct a protocol feature library. Then, when identifying the protocol type used by the data to be identified, the maximum number of errored bits allowed for that data is calculated, and the feature strings of the data are extracted with a fuzzy matching algorithm within that errored-bit range. Finally, the protocol type used by the data to be identified is obtained by automated reasoning. The method therefore improves the data recognition rate and gives good recognition results for data containing bit errors.
The unknown communication protocol recognition method based on a bit error rate model of the present invention also has the following beneficial effects:
(1) By combining a multi-pattern matching algorithm with an association rule analysis algorithm, the protocol feature strings of existing protocols can be extracted accurately and erroneous protocol feature strings rejected, providing a way to build a complete and accurate protocol feature library;
(2) In the actual identification process, fuzzy feature extraction and analysis is used, which, compared with traditional exact protocol identification technology, raises the utilization of the data and thereby the data recognition rate. In addition, the concept of a maximum number of errored bits is introduced during identification to control the degree of data error tolerated, which ensures the recognition accuracy for errored data;
(3) After the fuzzy feature strings of the data are extracted, inference or classification is performed on the data using the Jena reasoner or an SVM, which raises the degree of automation of protocol identification and thus its efficiency.
Description of the drawings
Fig. 1 is a flowchart of the unknown communication protocol recognition method based on a bit error rate model of the present invention;
Fig. 2 is the identification flowchart of the Jena automatic reasoner;
Fig. 3 is the identification flowchart of the SVM (support vector machine).
Specific embodiment
Specific embodiments of the invention are described below with reference to the drawings so that those skilled in the art can better understand the invention. Note in particular that, in the following description, detailed descriptions of known functions and designs are omitted where they might obscure the main content of the invention.
Embodiment
Fig. 1 is a flowchart of the unknown communication protocol recognition method based on a bit error rate model of the present invention.
In this embodiment, as shown in Fig. 1, the unknown communication protocol recognition method based on a bit error rate model of the present invention comprises the following steps:
S1. Data acquisition and preprocessing
Data acquisition: capture the communication data in the network with tools such as winpcap or libpcap; the captured data may be wireless or wired. Communication data of protocols other than TCP/IP, such as satellite communication data, can also be collected with other data acquisition tools, but all collected data whose protocol is to be identified should have distinct protocol features, so that reverse identification is possible.
Data preprocessing: network protocols mostly transmit data in units of frames, and captured communication data is also essentially stored in units of frames, so the captured communication data is stored in strict frame format. Each frame can be processed as binary or hexadecimal; in this embodiment, each frame is processed as binary. After processing, the communication data of known protocols is used as training data and the communication data of unknown protocols as the data to be identified. This embodiment analyzes wired network data and uses the application-layer HTTP protocol as the object of analysis to illustrate the whole recognition method.
S2. Perform feature extraction on the training data to obtain the protocol feature library
The main purpose of feature extraction on the training data is to obtain the protocol features of a specific protocol; here only packet features are considered. In this embodiment, the feature extraction method combines a multi-pattern matching algorithm with an association rule analysis algorithm from data mining. The multi-pattern matching algorithm extracts the frequent set; usable algorithms include the AC algorithm, the AC-BM algorithm, the Wu-Manber algorithm, etc. The association rule analysis algorithm performs association analysis on the extracted frequent set and rejects erroneous frequent sets; usable algorithms include the Apriori algorithm and the FP-Growth algorithm.
The two algorithms are described in detail below:
S2.1. Extract the frequent set using a pattern matching algorithm
According to the lengths allowed for existing network protocol feature strings, exhaustively enumerate all binary strings of 1~6 bytes, denoted {p1, p2, p3, ..., pm}, where pm denotes the m-th binary string, and use all enumerated binary strings as pattern strings;
Extract each frame in the training data to form the target strings {t1, t2, t3, ..., tn}, where tn denotes the n-th frame;
Take {p1, p2, p3, ..., pm} and {t1, t2, t3, ..., tn} as input to the pattern matching algorithm, perform matching, and record each successfully matched pattern string and its position in the target string. Finally, count the number of frames in which the same pattern string appears at the same position, define the pattern strings whose frame proportion is greater than 95% as frequent strings of this protocol, and form all frequent strings into the frequent set {f1, f2, f3, ..., fK}, where fK denotes the K-th frequent string;
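The position-bound counting of S2.1, as an added example that is not code from the patent. Instead of enumerating every 1~6 byte pattern, it counts the substrings that actually occur in the frames, which gives the same (pattern, position) matches because a pattern can only match where it is a substring; the `maximal` helper and the sample frames are constructed for this illustration.

```python
from collections import Counter

MIN_LEN, MAX_LEN = 1, 6   # feature string length in bytes, from the text
THRESHOLD = 0.95          # frame share used in this embodiment


def frequent_set(frames, threshold=THRESHOLD):
    """Map (offset, pattern) -> share of frames carrying pattern at offset,
    keeping only entries whose share is greater than the threshold."""
    counts = Counter()
    for frame in frames:
        seen = set()
        for off in range(len(frame)):
            for n in range(MIN_LEN, MAX_LEN + 1):
                if off + n > len(frame):
                    break
                seen.add((off, frame[off:off + n]))
        counts.update(seen)  # one vote per frame for each (offset, pattern)
    total = len(frames)
    return {key: c / total for key, c in counts.items() if c / total > threshold}


def maximal(freq):
    """Hypothetical helper: drop entries fully covered by a longer frequent entry."""
    result = {}
    for (off, pat), share in freq.items():
        end = off + len(pat)
        covered = any(
            (o, p) != (off, pat) and o <= off and end <= o + len(p)
            for (o, p) in freq
        )
        if not covered:
            result[(off, pat)] = share
    return result


# Constructed training data: 39 GET requests with paths of varying length
# and first letter, plus one POST request.
SAMPLE_FRAMES = [
    "GET /{}.html HTTP/1.1\r\n".format(chr(97 + i % 26) * (1 + i % 5)).encode()
    for i in range(39)
] + [b"POST /login HTTP/1.1\r\n"]

if __name__ == "__main__":
    for (off, pat), share in sorted(maximal(frequent_set(SAMPLE_FRAMES)).items()):
        print(off, pat, f"{share:.3f}")
```

In the constructed sample the "HTTP/1.1" token does not reach the threshold, because its offset moves with the path length; position-bound counting only finds features that sit at a fixed offset.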
S2.2. Extract protocol features using an association rule analysis algorithm
Take the frequent set {f1, f2, f3, ..., fK} and the positions at which the frequent strings occur in each frame as input to the association rule analysis algorithm, which performs association rule analysis on the frequent strings to obtain associated strings, also called association rules. Then count the number of occurrences and the positions of the associated strings, and take the association rules whose occurrence proportion is greater than 95% as recognition rules.
Finally, store the frequent strings {f1, f2, f3, ..., fk} in the recognition rules into the protocol feature library, where fk denotes the k-th (k ≤ K) frequent string;
In this embodiment, HTTP is an application-layer protocol that uses TCP as its transport-layer protocol, and it has the following features:
(1) The HTTP header carries the version feature string "HTTP/1.1", which uniquely characterizes the HTTP protocol;
(2) The "POST" field is always present when uplink data is requested;
(3) The "GET" field is always present when downlink data is requested.
The above are some of the protocol's feature strings; others include "HEAD", "PUT", and the "200OK" return code. These can all serve as feature strings for determining the HTTP protocol, but not every message contains all of this information. In addition, there is the identification information in the protocol headers, such as protocol type, source and destination IP, and source and destination port.
S3. Obtain the fuzzy feature set using a fuzzy matching algorithm
S3.1. When performing fuzzy feature extraction on the data to be identified, the possibility that the data contains bit errors must be considered; therefore, the maximum number of errored bits allowed for the data to be identified is calculated using the following formula;
Where L1 denotes the length of the longest allowed feature string, L2 denotes the frame length of the data frame to be identified, and FER denotes the frame error rate of the data to be identified;
According to the above definition, taking HTTP as an example, in the captured HTTP messages the range of L1/L2 is 0.82%-28.33%, with the corresponding feature strings being "GET, HTTP/1.1" and "HTTP/1.1 200ok\r\n" respectively. Calculating the maximum number of errored bits from the above data gives:
Character_error = 28.33% * 0.4‰ * 1500 * 8 = 1.36 (bits)
That is, from the above result, the maximum allowed number of errored bits is 1 bit. This result is calculated for the worst communication environment; the specific value can be adjusted to the particular application environment to achieve the best recognition result.
S3.2. When fuzzy feature extraction is performed against the protocol feature library, the matched data string is allowed a certain error, i.e. an error within the maximum errored-bit range; all fuzzy feature strings within the maximum errored-bit range are extracted using a fuzzy matching algorithm. Usable fuzzy matching algorithms include dynamic programming algorithms, nondeterministic finite automata (NFA), bit-parallel algorithms, and filtering algorithms.
The specific method of extracting all fuzzy feature strings within the maximum errored-bit range from the protocol feature library using a fuzzy matching algorithm is: take the data to be identified, the frequent strings {f1, f2, f3, ..., fk}, and the maximum number of errored bits allowed for the data to be identified as input to the fuzzy matching algorithm, perform matching, record each successfully matched fuzzy feature string and its position in the data frame to be identified, and store them in the fuzzy feature set;
S4. After the fuzzy feature set of the data is determined, final protocol identification can be performed using the Jena automatic reasoner or an SVM.
As shown in Fig. 2, the process of identifying the protocol type of a frame with the Jena automatic reasoner is:
First build an inference rule library with rules such as A -> Z or A, B -> Z, meaning that when a frame has feature string A, or has feature strings A and B at the same time, the frame is judged to use protocol Z. For HTTP identification, for example, "GET, HTTP/1.1" => "HTTP" is used as an inference rule;
Then take the fuzzy feature strings in the fuzzy feature set and the inference rule library as input to the Jena automatic reasoner and perform inference to obtain the protocol type corresponding to each group of fuzzy feature strings, which is the protocol type of the frame.
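Steps S3.1, S3.2 and the rule step of S4 run end to end on one damaged frame, as an added example that is not code from the patent. Assumptions: bit errors are substitutions, so matching uses bit-level Hamming distance; a plain subset check stands in for the Jena reasoner; the error budget follows the worked HTTP calculation in S3.1; the sample frame and the function names are constructed.

```python
import math

# Feature strings and the rule "GET, HTTP/1.1" => "HTTP" come from the text above.
FEATURES = [b"GET", b"POST", b"HTTP/1.1"]
RULES = [({b"GET", b"HTTP/1.1"}, "HTTP")]


def max_error_bits(l1_over_l2, fer, frame_bytes):
    """Error budget as in the worked HTTP calculation: ratio * FER * frame bits."""
    return math.floor(l1_over_l2 * fer * frame_bytes * 8)


def bit_distance(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def fuzzy_find(frame, feature, max_bits):
    """Best (offset, errored_bits) for feature within max_bits, or None."""
    best = None
    for off in range(len(frame) - len(feature) + 1):
        d = bit_distance(frame[off:off + len(feature)], feature)
        if d <= max_bits and (best is None or d < best[1]):
            best = (off, d)
    return best


def fuzzy_feature_set(frame, features, max_bits):
    """Fuzzy feature set: matched feature -> (position in frame, errored bits)."""
    found = {}
    for feat in features:
        hit = fuzzy_find(frame, feat, max_bits)
        if hit is not None:
            found[feat] = hit
    return found


def infer(fuzzy_set, rules):
    """Return the protocol of the first rule whose features are all present."""
    for required, protocol in rules:
        if required.issubset(fuzzy_set):
            return protocol
    return None


def identify(frame, max_bits):
    return infer(fuzzy_feature_set(frame, FEATURES, max_bits), RULES)


def flip_bit(data, byte_index, bit):
    """Simulate a single transmission bit error."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


# Constructed frame; flipping bit 1 of byte 0 turns 'G' (0x47) into 'E' (0x45).
CLEAN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
DAMAGED = flip_bit(CLEAN, 0, 1)

if __name__ == "__main__":
    budget = max_error_bits(0.2833, 0.0004, 1500)
    print("budget:", budget)
    print("exact match:", identify(DAMAGED, 0))
    print("fuzzy match:", identify(DAMAGED, budget))
    print("fuzzy set:", fuzzy_feature_set(DAMAGED, FEATURES, budget))
```

Short feature strings leave little margin: one tolerated bit in a 3-byte string is already about 4% of its bits, so the budget should be checked against false matches on traffic known not to use the protocol.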
As shown in Fig. 3, the process of identifying the data protocol type with an SVM is:
Build the SVM model: input the frequent strings {f1, f2, f3, ..., fk} into the SVM as training data and train it to obtain the SVM model;
Input the fuzzy feature strings in the fuzzy feature set into the SVM model, which identifies the data protocol type of each frame.
Although illustrative specific embodiments of the invention are described above so that those skilled in the art can understand the invention, it should be clear that the invention is not limited to the scope of the specific embodiments. To those of ordinary skill in the art, as long as various changes fall within the spirit and scope of the invention as defined and determined by the appended claims, these changes are obvious, and all innovations that make use of the inventive concept are protected.
Claims (4)
1. An unknown communication protocol recognition method based on a bit error rate model, characterized by comprising the following steps:
(1) Data acquisition and preprocessing
Capture the communication data in the network with a network packet capture tool, store the communication data according to frame format, and process each frame as binary. Finally, use the processed known-protocol communication data as training data and the unknown-protocol communication data as the data to be identified;
(2) Perform feature extraction on the training data to obtain the protocol feature library
(2.1) Extract the frequent set using a pattern matching algorithm
According to the lengths allowed for existing network protocol feature strings, exhaustively enumerate all binary strings of 1~6 bytes, denoted {p1, p2, p3, ..., pm}, where pm denotes the m-th binary string, and use all enumerated binary strings as pattern strings;
Extract each frame in the training data to form the target strings {t1, t2, t3, ..., tn}, where tn denotes the n-th frame;
Take {p1, p2, p3, ..., pm} and {t1, t2, t3, ..., tn} as input to the pattern matching algorithm, perform matching, and record each successfully matched pattern string and its position in the target string. Finally, count the number of frames in which the same pattern string appears at the same position, define the pattern strings whose frame proportion is greater than M% as frequent strings of this protocol, and form all frequent strings into the frequent set {f1, f2, f3, ..., fK}, where fK denotes the K-th frequent string;
(2.2) Extract protocol features using an association rule analysis algorithm
Take the frequent set {f1, f2, f3, ..., fK} and the positions at which the frequent strings occur in each frame as input to the association rule analysis algorithm, which performs association rule analysis on the frequent strings to obtain associated strings. Then count the number of occurrences and the positions of the associated strings, and take the associated strings whose occurrence proportion is greater than M% as recognition rules. Then store the frequent strings {f1, f2, f3, ..., fk} in the recognition rules into the protocol feature library, where fk denotes the k-th (k ≤ K) frequent string;
(3) Obtain the fuzzy feature set using a fuzzy matching algorithm
(3.1) Calculate the maximum number of errored bits allowed for the data to be identified
Where L1 denotes the length of the longest allowed feature string, L2 denotes the frame length of the data frame to be identified, and FER denotes the frame error rate of the data to be identified;
(3.2) According to the protocol feature library, extract all fuzzy feature strings within the maximum errored-bit range using the fuzzy matching algorithm
Take the data to be identified, the frequent strings {f1, f2, f3, ..., fk}, and the maximum number of errored bits allowed for the data to be identified as input to the fuzzy matching algorithm, perform matching, record each successfully matched fuzzy feature string and its position in the data frame to be identified, and store them in the fuzzy feature set;
(4) Identify the protocol type of the frame using the Jena automatic reasoner
First build an inference rule library, then take the fuzzy feature strings in the fuzzy feature set and the inference rule library as input to the Jena automatic reasoner and perform inference to obtain the protocol type corresponding to each group of fuzzy feature strings, which is the protocol type of the frame.
2. The unknown communication protocol recognition method based on a bit error rate model according to claim 1, characterized in that the pattern matching algorithm comprises the AC algorithm, the AC-BM algorithm, and the Wu-Manber algorithm.
3. The unknown communication protocol recognition method based on a bit error rate model according to claim 1, characterized in that the association rule analysis algorithm comprises the Apriori algorithm and the FP-Growth algorithm.
4. The unknown communication protocol recognition method based on a bit error rate model according to claim 1, characterized in that step (4) can also identify the data protocol type using an SVM, specifically:
Build the SVM model: input the frequent strings {f1, f2, f3, ..., fk} into the SVM as training data and train it to obtain the SVM model;
Input the fuzzy feature strings in the fuzzy feature set into the SVM model, which identifies the data protocol type of each frame.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710093147.3A CN106878307B (en) | 2017-02-21 | 2017-02-21 | A kind of unknown communication protocol recognition method based on bit error rate model |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106878307A | 2017-06-20 |
CN106878307B | 2019-10-29 |