Method and system for network protocol recognition based on tri-classifier cooperative training learning

A collaborative training and three-classifier technology, applied in transmission systems, electrical components, etc., can solve the problems that manual marking cannot meet actual needs, is complicated, time-consuming, etc., achieves high recognition accuracy and recall rate, and has a wide range of applications. The effect of learning efficiency

Active Publication Date: 2015-01-07
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF4 Cites 49 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, in the actual analysis process, the acquisition and labeling of network protocol data streams, especially unknown network protocols (such as botnets), relies heavily on domain experts
This is a time-consuming and complicated job
Even when the amount of sample data is too large, manual labeling can no longer meet actual needs

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for network protocol recognition based on tri-classifier cooperative training learning
  • Method and system for network protocol recognition based on tri-classifier cooperative training learning
  • Method and system for network protocol recognition based on tri-classifier cooperative training learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0025] Such as figure 1 As shown, the specific implementation of the present invention is as follows: four main stages are included: data packet capture and statistical feature extraction stage; classifier existence judgment stage; three classifier cooperative training learning algorithm classifier construction stage and protocol identification stage.

[0026] 1. Data packet capture and statistical feature extraction: Due to fragmentation during network transmission, data packets need to be reassembled when they reach the destination terminal, based on the fact that the fragments of the same IP packet have the same identifier. TCP provides connection-oriented, reliable, and byte-stream-based data transmission services. The TCP segment data is a byte stream corresponding to the sequence number. Since the order of packet arrival does not follow the principle of the former coming first, the flow is used as the unit The feature extraction must go through the TCP stream restoration...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method and a system for network protocol recognition based on tri-classifier cooperative training learning. The method comprises the following steps: carrying out IP (Internet Protocol) regrouping and TCP (Transmission Control Protocol) traffic reduction on network original traffic, and stipulating the unit of network data from original packets to flow; extracting each message of unidirectional flow feature information and vectoring to build a feature matrix; building a tri-classifier cooperative training classifier with few identified samples; judging whether a classifying model of an analyzed protocol exists or not, and utilizing a tri-classifier cooperative training learning method to build a protocol classifier if the classifying model does not exist, otherwise, judging the protocol attributes of data packets; training by a tri-classifier cooperative training learning algorithm based on J48 and obtaining the classifying model of the analyzed protocol; carrying out protocol type judgment on network data packets not identified, and outputting two classes of results: one class refers to the network data packets belonging to the target protocol, and the other class refers to network data packets not belonging to the target protocol. High recognition accuracy and high recalling rate are ensured by the method.

Description

technical field [0001] The invention relates to a network protocol identification method and system based on the collaborative training and learning of three classifiers, belonging to the network protocol identification technology. Background technique [0002] The network protocol identification technology is a process of associating the network data flow with its corresponding specific network application by analyzing the network data flow. Identifying specific application protocols carried in network data streams is one of the core issues in the field of network security. Network protocol identification technology has a wide range of applications in many fields, such as intrusion detection and prevention system (IDS / IPS), network measurement, application-oriented caching and routing mechanism, application-oriented load balancing, traffic classification and tunnel detection, etc. Therefore, in the network data traffic mixed with multiple protocols, how to identify differe...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L43/026H04L43/18H04L69/22
Inventor 张永铮周宇王一鹏续涛
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap