Unknown protocol message format deduction method

A protocol message format technique, applied in the field of unknown protocol message format inference. It addresses problems such as the difficulty of inference, the absence of a protocol specification, and unusable protocol identification tools, in order to achieve effective inference, reduce workload, and realize automatic inference.

Active Publication Date: 2015-09-23
SOUTHWEST CHINA RES INST OF ELECTRONICS EQUIP

AI Technical Summary

Problems solved by technology

However, many network protocols, such as private or non-standard protocols, have no public protocol specification, so feature libraries cannot be established and traditional protocol identification tools cannot be used.
The current challenge is that there is no automatic method for unknown protocol analysis; most approaches rely on manual participation.
Fixed-length fields in a data packet can also be inferred manually, but when the packet format contains a variable-length field, automatic format inference is more difficult.

Embodiment Construction

[0030] The present invention is described below in conjunction with a specific embodiment:

[0031] As shown in Figure 3, the data acquisition system on the left includes a network packet capture tool, which captures the original data packets on the network and passes them directly to the analysis and inference system. The analysis and inference system builds a sequence alignment binary tree based on the length of the data packets and performs sequence alignment upward from the leaf nodes of the binary tree. The sequence alignment uses a sequence alignment algorithm based on dynamic programming. After the sequence alignment of all nodes is completed, an alignment result in which the leaf nodes have the same length is obtained, the identical parts are found from that result, and the format of the unknown protocol message is automatically inferred and output, as shown in Figure 4. The implementation example shows that the method proposed by the present invention has th...

Abstract

The present invention provides an unknown protocol message format deduction method. The method comprises capturing original data packets in the network, establishing a sequence alignment binary tree according to the length of the data packets, and carrying out sequence alignment upward from the leaf nodes of the binary tree, where the sequence alignment uses a sequence alignment algorithm based on dynamic programming. After the sequence alignment of all nodes has ended, an alignment result in which the leaf nodes have the same length is obtained, and the identical parts are found from that result, so that the unknown protocol message format is deduced and output automatically. Compared with existing unknown data packet format deduction methods that rely on manual participation, the automatic unknown protocol message method based on data packet sequence alignment provided by the present invention reduces the manual workload, realizes automatic deduction on the basis of a determined number of captured data packets, and can effectively deduce the format of an unknown protocol data packet without any prior information about the data packet format.
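The pipeline in the abstract and in paragraph [0031], sketched as an added example; this is not code from the patent, which does not give the tree construction or scoring details. The assumptions here are the pairing of length-sorted neighbours at each tree level, the scores (+2 match, -1 mismatch, -1 gap), the names `align` and `infer_format`, and the constructed sample packets.

```python
from itertools import groupby

GAP = None  # marks "no byte here" in an aligned column

def align(p, q):
    """Needleman-Wunsch (dynamic programming) over two profiles. A profile is a
    list of columns; a column holds one byte-or-GAP per packet merged so far."""
    wp, wq, n, m = len(p[0]), len(q[0]), len(p), len(q)
    score = lambda x, y: 2 if set(x) & (set(y) - {GAP}) else -1  # assumed scores
    dp = [[-(i + j) if 0 in (i, j) else 0 for j in range(m + 1)]
          for i in range(n + 1)]
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            dp[i][j] = max(dp[i-1][j-1] + score(p[i-1], q[j-1]),
                           dp[i-1][j] - 1, dp[i][j-1] - 1)
    out, i, j = [], n, m
    while i or j:  # trace back from the bottom-right corner
        if i and j and dp[i][j] == dp[i-1][j-1] + score(p[i-1], q[j-1]):
            out.append(p[i-1] + q[j-1]); i, j = i - 1, j - 1
        elif i and dp[i][j] == dp[i-1][j] - 1:
            out.append(p[i-1] + (GAP,) * wq); i -= 1
        else:
            out.append((GAP,) * wp + q[j-1]); j -= 1
    return out[::-1]

def infer_format(packets):
    """Leaves are packets ordered by length; neighbours are aligned pairwise,
    level by level, until the root profile covers every packet."""
    level = [[(b,) for b in pkt] for pkt in sorted(packets, key=len)]
    while len(level) > 1:
        level = [align(level[k], level[k + 1]) if k + 1 < len(level) else level[k]
                 for k in range(0, len(level), 2)]
    # const: same byte in every packet; varlen: column absent in some packets
    kind = lambda c: "const" if len(set(c)) == 1 else "varlen" if GAP in c else "var"
    fields = []
    for k, grp in groupby(level[0], key=kind):
        cols = list(grp)
        fields.append((k, bytes(c[0] for c in cols) if k == "const" else len(cols)))
    return fields

# Constructed capture of a made-up protocol (not from the patent):
# magic AB CD | 1-byte counter | 00 7E | variable payload | CR LF
SAMPLE = [bytes.fromhex("abcd10007e") + b"ab" + b"\r\n",
          bytes.fromhex("abcd11007e") + b"cde" + b"\r\n",
          bytes.fromhex("abcd12007e") + b"fghi" + b"\r\n",
          bytes.fromhex("abcd13007e") + b"jklmno" + b"\r\n"]

if __name__ == "__main__":
    for field in infer_format(SAMPLE):
        print(field)
```

In the result, `const` runs are candidate magic values or delimiters, `var` runs are fixed-width fields whose value changes, and a `varlen` run followed by a `var` run brackets the minimum and maximum width of a variable-length field.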

Description

Technical field

[0001] The invention belongs to the field of unknown protocol identification in network data flows, and specifically relates to an unknown protocol message format inference method, which uses data packets intercepted in the network and data packet sequence alignment technology to infer the format of unknown protocol data messages.

Background technique

[0002] Current protocol identification technology mainly includes protocol identification based on port mapping, deep packet inspection protocol identification based on static features, and protocol identification based on dynamic behavior features. These methods all extract the features of a protocol from its public protocol specification and then build a feature library for that protocol as the basis for identification.

[0003] According to the protocol format specification, the traffic can be identified by the applic...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L69/06, H04L69/166
Inventor: 詹成, 石荣, 李剑, 张伟, 李洲
Owner SOUTHWEST CHINA RES INST OF ELECTRONICS EQUIP