An Online Protocol Format Inference Method Based on Multiple Sequence Alignment

A protocol format inference technique based on multiple sequence alignment, applied in transmission systems, electrical components, etc. It addresses the problem that existing format extraction takes a long time and cannot meet the needs of online protocol analysis, and it meets the time requirement while preserving the quality of the analysis.

Active Publication Date: 2022-03-11
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +1

AI Technical Summary

Problems solved by technology

[0005] Although the above protocol format extraction algorithm has good accuracy, it often takes a long time and cannot meet the needs of online protocol analysis.


Examples


Embodiment 1

[0042] The method includes the following steps:

[0043] Step S1: Network traffic acquisition and division into different groups

[0044] Obtain traffic from the network through Wireshark or pcap, then take the first N packets, in the order in which the packets were received, as a subflow. N is set to 500 in order to ensure the response time.

[0045] $flow_0 = \langle p_0, p_1, \ldots, p_{499} \rangle \quad (1)$

[0046] Step S2: Perform multiple sequence alignment

[0047] Taking the HTTP protocol as an example, three consecutive packets are, respectively:

[0048] Among them, $p_0$ = {GET /cgi-bin/whois.pl HTTP/1.0 Host:arin.net User-Agent:Opera Accept:text/xml}, $p_1$ = {GET /index.html HTTP/1.0 Host:www.yahoo.com User-Agent:Mozilla/5.0 Accept:text/xml}, $p_2$ = {GET / HTTP/1.0 Host:www.google.com User-Agent:IE4.0 Accept:text/xml}.

[0049] After sequence alignment, the result is GET / ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? HTTP/1.0 Host: ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? User-Agent:? ? ? ? ...
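
The following Python sketch is an added example, not code from the patent. It runs steps S1 and S2 on the three HTTP requests above by folding packets into one template with pairwise Needleman-Wunsch alignment, then applies the adjacent-group comparison described in the abstract. The scoring values, the function names, the internal wildcard marker, and the use of plain arrival order instead of a guide tree are assumptions.

```python
import re
from functools import reduce

WILD = "\x00"  # internal marker for a variable byte; rendered as "?" as on the page

def align_pair(a, b, match=2, mismatch=-1, gap=-1):
    """Needleman-Wunsch global alignment; differing or gapped columns become WILD."""
    n, m = len(a), len(b)
    # Score matrix; first row and column hold the cost of leading gaps
    s = [[gap * (i + j) if 0 in (i, j) else 0 for j in range(m + 1)] for i in range(n + 1)]
    def sub(i, j):  # substitution score; a WILD column never counts as a match
        return match if a[i - 1] == b[j - 1] != WILD else mismatch
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            s[i][j] = max(s[i - 1][j - 1] + sub(i, j), s[i - 1][j] + gap, s[i][j - 1] + gap)
    out, i, j = [], n, m
    while i or j:  # trace back from the end, preferring the diagonal
        if i and j and s[i][j] == s[i - 1][j - 1] + sub(i, j):
            out.append(a[i - 1] if sub(i, j) == match else WILD)
            i, j = i - 1, j - 1
        else:  # gap column: consume one symbol from a (up) or from b (left)
            up = i > 0 and s[i][j] == s[i - 1][j] + gap
            out.append(WILD)
            i, j = (i - 1, j) if up else (i, j - 1)
    return "".join(reversed(out))

def infer_format(packets):
    """Fold packets into one template in arrival order; WILD runs print as '?'."""
    return re.sub(WILD + "+", "?", reduce(align_pair, packets))

def online_infer(packets, n=500):
    """Infer per subflow of n packets; when adjacent results differ, redo both together."""
    result, prev = None, []
    for k in range(0, len(packets), n):
        group = packets[k:k + n]
        fmt = infer_format(group)
        if result is not None and fmt != result:
            fmt = infer_format(prev + group)
        result, prev = fmt, group
    return result

HTTP_SAMPLE = [  # constructed: the page's three HTTP requests, extraction spacing removed
    "GET /cgi-bin/whois.pl HTTP/1.0 Host:arin.net User-Agent:Opera Accept:text/xml",
    "GET /index.html HTTP/1.0 Host:www.yahoo.com User-Agent:Mozilla/5.0 Accept:text/xml",
    "GET / HTTP/1.0 Host:www.google.com User-Agent:IE4.0 Accept:text/xml",
]

if __name__ == "__main__":
    print(infer_format(HTTP_SAMPLE))
```

Every literal run in the returned template appears, in order, in each input packet, so the template can be turned into a matcher by replacing each `?` with a wildcard. Where the wildcards fall inside variable fields depends on the scoring values chosen.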


Abstract

The invention discloses an online protocol format inference method based on multiple sequence alignment. First, the content of the known part of the protocol is marked. The online traffic is then analyzed incrementally: the captured traffic is divided into groups of a certain size, and for each group progressive multiple sequence alignment is used to extract the protocol format. The results of adjacent groups are then compared; if they differ, all the packets in the two consecutive groups are analyzed together and the outcome is taken as the result. This continues until the analysis ends. The method meets the time requirement of online protocol analysis while also preserving the quality of the protocol analysis.

Description

Technical field

[0001] The invention relates to the technical field of online protocol format inference methods, in particular to an online protocol format inference method based on multiple sequence alignment.

Background technique

[0002] Protocol reverse engineering refers to the process of extracting protocol format and protocol state machine information by monitoring and analyzing the network input and output, system behavior and instruction execution flow of protocol entities without protocol description. Protocol reverse engineering is widely used in intrusion detection, vulnerability mining, protocol reuse, etc.

[0003] Protocol reverse analysis technology mainly includes two stages: protocol format extraction and protocol state machine inference. For unknown protocols, protocol format is an indispensable basis for state labeling, so protocol format extraction is the premise of protocol state machine inference. According to different analysis objects, the protocol...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L69/22, H04L69/06
CPC: H04L69/03, H04L69/06, H04L69/22
Inventor 张晓明何跃鹰孙中豪张嘉玮方喆君刘中金李建强王占丰田益凡胡超罗冰
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT