Unknown protocol message format deduction method

A protocol message and format technology, applied in the field of unknown protocol message format inference, can solve problems such as difficulty in inference, no protocol specification, unusable protocol identification tools, etc., to achieve effective inference, reduce workload, and realize automatic inference. Effect
CN104935567AActive Publication Date: 2015-09-23SOUTHWEST CHINA RES INST OF ELECTRONICS EQUIP
3 Cites 11 Cited by

Patent Information

Authority / Receiving Office
CN Β· China
Patent Type
Applications(China)
Current Assignee / Owner
SOUTHWEST CHINA RES INST OF ELECTRONICS EQUIP
Publication Date
2015-09-23

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The present invention provides an unknown protocol message format deduction method. The method comprises the steps of capturing an original data packet in the network, establishing a sequence alignment binary tree according to the length of the data packet, and carrying out the upward sequence alignment from the leaf nodes of the binary tree, wherein the sequence alignment adopts a sequence alignment algorithm based on dynamic programming, obtaining a result possessing the same length leaf node alignment after the sequence alignment of all nodes are ended, and according to the result, searching the same parts, thereby automatically realizing the unknown protocol message format deduction and output. Compared with an existing artificial participation unknown data packet format deduction method, an automatic unknown protocol message method based on the data packet sequence alignment provided by the present invention enables the artificial participation workload to be reduced to realize the automatic deduction on the basis of determining the number of the acquisition data packets, and can realize the effective deduction to an unknown protocol data packet format on the condition of not having data packet format any prior information.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention belongs to the field of network data flow unknown protocol identification, and specifically relates to an unknown protocol message format inference method, which utilizes data packets intercepted in the network and uses data packet sequence comparison technology to realize the unknown protocol data message format inference. Background technique

[0002] The current protocol identification technology mainly includes protocol identification technology based on port mapping, deep packet inspection protocol identification technology based on static features, and protocol identification technology based on dynamic behavior features. These methods are all based on extracting the protocol features of this type of protocol from the public protocol specification, and then building the feature library of the protocol as the basis for identification.

[0003] According to the protocol format specification, the traffic can be identified by the applic...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More