
Method for Separating Unknown Protocol Multi-Communication Party Data Streams into Point-to-Point Data Streams

A data-stream and multi-party communication technique, applied in the field of electrical components, transmission systems, etc., that addresses the inability to monitor and detect secret-stealing channels, with good results and a simple principle.

Inactive Publication Date: 2018-01-19
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0002] In the current information warfare scenario, the threat of secrets being stolen by the enemy through imported devices or special Trojan horses is becoming increasingly serious. Such theft is usually carried out by sending confidential information over wireless communication, and the protocols used in this communication are very However, the existing preventive measures basically only target known protocols, and most of them are based on port mapping or static feature matching, which cannot monitor and detect this type of secret-stealing channel.


Examples


Embodiment 1

[0081] Embodiment 1 is the concrete algorithm implementation of the present invention:

[0082] For step S11,

[0083] Data input: a mixed unknown protocol data frame with n rows and m columns.

[0084] Algorithm goal: Calculate the number k of types of protocols as accurately as possible.

[0085] Its specific algorithm implementation:

[0086] (1) Define the smallest processing unit object: OneByte, the attributes are:

[0087]

[0088] (2) Create a two-dimensional array of OneByte objects with n rows and m columns, assign each byte of the input data frames to the oneByte field of the corresponding OneByte object, and record the row and column where the byte is located.

[0089] (3) Loop through the OneByte two-dimensional array column by column, counting the number of occurrences of each byte value in each column and which rows contain it. Record the number of occurrences as num, and add the rows in which the value appeared to the alist collection of OneByte, so that you can get t...
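Steps (1) to (3) above, as far as the page shows them, written out as an added Python example (not code from the patent). The field names oneByte, num and alist come from the text; `row`, `col`, the helper function names, the handling of frames shorter than m, and the sample frames are assumptions made for this illustration.

```python
from dataclasses import dataclass, field

@dataclass
class OneByte:
    """Smallest processing unit of step (1); `row` and `col` are assumed names."""
    oneByte: int                                 # the byte value
    row: int                                     # frame index (first occurrence)
    col: int                                     # byte offset inside the frame
    num: int = 0                                 # occurrences of the value in its column
    alist: list = field(default_factory=list)    # rows in which the value occurs

def build_grid(frames, m):
    """Step (2): n x m grid of OneByte; cells past a short frame's end are None."""
    return [[OneByte(f[c], r, c) if c < len(f) else None for c in range(m)]
            for r, f in enumerate(frames)]

def column_stats(grid):
    """Step (3): for each column, map byte value -> OneByte with num/alist filled."""
    stats = []
    for c in range(len(grid[0]) if grid else 0):
        seen = {}
        for r, row in enumerate(grid):
            cell = row[c]
            if cell is None:          # frame shorter than this column (assumed handling)
                continue
            rep = seen.setdefault(cell.oneByte, OneByte(cell.oneByte, r, c))
            rep.num += 1
            rep.alist.append(r)
        stats.append(seen)
    return stats

# Constructed sample input: two made-up frame layouts mixed together.
FRAMES = [
    bytes.fromhex("aa01100001"),
    bytes.fromhex("bb02ff"),
    bytes.fromhex("aa01200002"),
    bytes.fromhex("bb027e"),
    bytes.fromhex("aa01300003"),
]

def demo():
    """Return {column: {hex value: (num, alist)}} for the first 4 columns."""
    stats = column_stats(build_grid(FRAMES, m=4))
    return {c: {hex(v): (ob.num, ob.alist) for v, ob in col.items()}
            for c, col in enumerate(stats)}

if __name__ == "__main__":
    for col, values in demo().items():
        print(col, values)
```

On this sample the row sets of columns 0 and 1 split the frames into the two layouts, while column 2 has five values that each occur once.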

Embodiment 2

[0121] Embodiment 2 is the concrete experimental verification:

[0122] For step S11, the calculation experiment of the number of protocol types:

[0123] (1) Data input: 27 kinds of protocols in Tcpdump, each takes 100 data frames, all of which are less than 100; take the first 68 bytes of each data frame; mix the obtained protocols as input.

[0124] (2) Values of the variables that can be set: liminal, low_liminal, uniterate. liminal is set to 95 and low_liminal is set to 10; the minimum value of uniterate is 50 and the maximum value is 99.

[0125] Experimental results:

[0126] The experiment records the K value obtained for each uniterate from 50 to 99. The following is the brief experimental result for liminal=95; low_liminal=10; uniterate=99 (one experiment):

[0127] The maximum frame length is: 68;

[0128] Total number of frames: 2509;

[0129] Number of column stats: 68;

[0130] The number of sets in the candidate result set: 62;

[0131] The number of collections in...


Abstract

The invention discloses a method for separating the data streams of multiple communicating parties using unknown protocols into point-to-point data streams, which includes the following steps. S1: divide the mixed unknown multi-protocol data stream into single-protocol data frames: a clustering algorithm divides the mixed unknown multi-protocol data stream into single-protocol data frames, and an evaluation algorithm is used to determine that the resulting clusters are relatively credible single-protocol data frames. S2: divide the single-protocol data frames into point-to-point data frames according to addresses: the queues with "address characteristics" form the address-pair candidate set, and the final address pairs are then obtained by splicing the address-pair candidate set. The present invention uses an entropy-based cluster evaluation method in the evaluation of protocol clustering and proposes a simple and effective method for finding the address information of unknown protocols, and the effect is very good.

Description

Technical field

[0001] The invention relates to a method for separating data streams of unknown protocol multi-communicating parties into point-to-point data streams.

Background technique

[0002] In the current information warfare scenario, the threat of secrets being stolen by the enemy through imported devices or special Trojan horses is becoming increasingly serious. Such theft is usually carried out by sending confidential information over wireless communication, and the protocols used in this communication are very However, the existing preventive measures basically only target known protocols, and most of them are based on port mapping or static feature matching, which cannot monitor and detect this type of secret-stealing channel. Aiming at the above problems, this project intends to propose an unknown protocol discovery method based on the fingerprint relationship of datagrams, laying a technical foundation for methods of monitoring such secret-stealing channels.

Contents of the i...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L67/104, H04L69/08
Inventor: 郝玉洁, 周洪川, 刘渊, 张凤荔, 张俊娇
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA