Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Unknown network protocol identification method and system

A network protocol and identification method technology, applied in the field of network information security, can solve problems such as the inability to effectively identify unknown network protocols, and achieve high recognition accuracy and recall rate, high recall rate, and excellent learning efficiency.

Active Publication Date: 2013-09-11
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF4 Cites 33 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The technical problem to be solved by the present invention is to provide a method and system for identifying an unknown network protocol, which is used to solve the problem that the existing network protocol identification method cannot effectively identify the unknown network protocol when the number of labeled samples is small

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Unknown network protocol identification method and system
  • Unknown network protocol identification method and system
  • Unknown network protocol identification method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0044] Such as figure 1As shown, Embodiment 1 is a method for identifying an unknown network protocol, including:

[0045] Step 1, taking the network data packet to be identified as input, and characterizing each network data packet as a feature vector that can be used for classification;

[0046] Step 2, taking the eigenvector obtained in step 1 as input to form a eigenvector data set, using an active learning method oriented to a support vector machine to learn the eigenvector data set, and obtaining a classifier for the network protocol to be tested;

[0047] Step 3, use the classifier obtained in step 2 to make a judgment on the protocol attribute of the network data packet to be identified.

[0048] Such as figure 2 As shown, each network packet is characterized as a feature vector that can be used for classification, and the specific content of constructing a classifier is:

[0049] 1) Data packet n-gram serialization: The data packet n-gram serialization operation u...

Embodiment 2

[0072] Embodiment two is to CIFS / SMB agreement and DNS agreement under the situation that T is different values ​​to carry out experiment respectively, contrast its accuracy rate under active learning strategy and random sampling method (that is, randomly select training sample), recall rate and F-Measure.

[0073] Given an unknown protocol to be analyzed by the system, first define the following three data sets.

[0074] True Positives (TP): It is recognized by the system as a network data packet of a certain protocol, and it is indeed a set of network data packets belonging to the protocol.

[0075] False Positives (FP): It is recognized by the system as a network packet of a certain protocol, but it does not belong to the set of network packets of the protocol.

[0076] False Negatives (FN): It is recognized by the system as a network data packet not of a certain protocol, but it is actually a collection of network data packets belonging to the protocol.

[0077] Based on...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an unknown network protocol identification method. The method includes the steps: firstly, taking network data packets as input, and representing each network data packet as a characteristic vector which can be used for classification; secondly, taking the obtained characteristic vectors as input to form a characteristic vector data set, and using a support vector machine oriented active learning method for learning the characteristic vector data set to obtain a classifier aiming at a to-be-tested network protocol; and thirdly, using the obtained classifier to discriminate protocol attributes of to-be-identified network data packets. The invention further provides an unknown network protocol identification system which comprises a data packet modeling module, a classifier construction module and an identification module. The active learning method is adopted, few tagged samples can be used for achieving excellent learning efficiency, and accordingly, the number of the tagged samples in the learning process is reduced effectively, and analyzed network protocols can be identified accurately from miscellaneous network flows.

Description

technical field [0001] The invention belongs to the technical field of network information security, and relates to network protocol identification technology, in particular to an unknown network protocol identification method and system. Background technique [0002] Identifying the application protocol carried in the network data flow has many applications in the field of network and security, such as intrusion detection and prevention system (IDS / IPS), network measurement, application-oriented caching and routing mechanism, application-oriented load balancing, traffic classification and tunnel detection etc. Taking its application in intrusion detection and prevention systems as an example, intrusion detection and prevention systems usually implement active and effective security protection strategies by effectively parsing the TCP / UDP payload in accordance with existing protocol specifications. However, many network protocols in the Internet are unknown protocols or pro...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 云晓春张永铮王一鹏周宇
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com