
Traffic classification method for unknown network protocol of application layer

An application-layer network protocol technology, applied in transmission systems, electrical components, etc. It addresses the problems that encrypted unknown protocol formats cannot be accurately located and extracted, that clustering results cannot be accurately mapped, and that network traffic cannot be identified. Its effects are interpretability, accurate feature representation, and improved correspondence.

Pending Publication Date: 2022-06-24
SOUTHEAST UNIV

AI Technical Summary

Problems solved by technology

According to a 2018 survey report released by Sophos, a global network and endpoint security vendor, IT executives on average cannot identify 45% of the company's network traffic.
[0011] (1) Methods based on payload analysis cannot accurately locate and extract the format of encrypted unknown protocols, so their practicability in real environments is low.
[0012] (2) The clustering results of unsupervised clustering methods cannot be accurately mapped to the actual protocol.


Examples


Embodiment 1

[0064] Embodiment 1: a traffic classification method for application-layer unknown network protocols, comprising the following steps:

[0065] Step (1): use a data collection tool to collect traffic data at different times in the backbone network; the traffic collected first is used as training data, and the traffic collected later is used as test data. Processing enters step (6);

[0066] Step (2): extract features from the training data using the statistical aligned byte probability feature extraction method to obtain feature vectors;

[0067] Step (3): use an unsupervised machine learning method to cluster and label the feature vectors obtained in step (2) to obtain a clustering result;

[0068] Step (4): apply the merging similar clustering algorithm to the clustering result obtained in step (3) to merge similar clusters and unify the cluster labels of the same protocol;

[0069] Step (5) uses a supervised machine learnin...

Embodiment 2

[0104] Embodiment 2: a traffic classification method for application-layer unknown network protocols provided by the present invention, the overall structure of which is shown in Figure 1, comprising the following steps:

[0105] Step (1): use a data collection tool to collect traffic data at different times in the backbone network; the traffic collected first is used as training data, and the traffic collected later is used as test data. Processing enters step (6);

[0106] Step (2): extract features from the training data using the statistical aligned byte probability feature extraction method to obtain feature vectors;

[0107] Step (3): use an unsupervised machine learning method to cluster and label the feature vectors obtained in step (2) to obtain a clustering result;

[0108] Step (4) uses the merging similar clustering algorithm to carry out the merging of similar clusters to the clustering results obtained in step (3), and unifies the clusteri...


Abstract

The invention discloses a traffic classification method for application-layer unknown network protocols, comprising the following steps. First, an unknown traffic data set is collected in a backbone network, and a feature extraction method based on statistical aligned byte probability is designed to automatically identify and locate frequent characters in application-layer unknown protocols. Second, the method proposes a merging similar clustering algorithm: after unlabeled traffic has been clustered and labeled with an unsupervised machine learning method, the algorithm merges the cluster labels that belong to the same protocol, which completes the traffic labeling work. Finally, the method uses a supervised machine learning method to train on the labeled traffic data and obtain a classification model, which can be used to classify new unknown network traffic. The method can extract effective features from unlabeled backbone network traffic, achieves classification of application-layer unknown network protocols, and can be used for network traffic classification and network management.
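The feature extraction and cluster-merging steps described above can be sketched as follows. This is an added example, not code from the patent: it assumes "aligned byte probability" means the share of payloads carrying the most frequent byte value at each offset, and the Jaccard similarity, the thresholds, the function names and the payloads are all constructed for illustration. The unsupervised clustering is taken as given (the input labels), and the supervised classifier is not shown.

```python
from collections import Counter

def aligned_byte_probability(payloads, width=8):
    """Per byte offset: (most frequent byte value, share of payloads carrying it)."""
    feats = []
    for off in range(width):
        column = Counter(p[off] for p in payloads if len(p) > off)
        if not column:
            feats.append((None, 0.0))
            continue
        value, count = column.most_common(1)[0]
        # Dividing by all payloads penalises offsets that short payloads lack.
        feats.append((value, count / len(payloads)))
    return feats

def signature(payloads, width=8, min_prob=0.8):
    """Frequent characters and their positions, as a set of (offset, byte)."""
    feats = aligned_byte_probability(payloads, width)
    return frozenset((off, v) for off, (v, p) in enumerate(feats)
                     if v is not None and p >= min_prob)

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0

def merge_similar_clusters(clusters, min_sim=0.5):
    """Map each cluster label to the first earlier label with a similar signature."""
    sigs = {label: signature(flows) for label, flows in clusters.items()}
    merged, representatives = {}, []
    for label in sorted(clusters):
        match = next((r for r in representatives
                      if jaccard(sigs[label], sigs[r]) >= min_sim), None)
        if match is None:
            representatives.append(label)
        merged[label] = label if match is None else match
    return merged

# Constructed payloads: labels 0 and 1 are one made-up protocol that the
# clustering step split in two; label 2 is a different made-up protocol.
CLUSTERS = {
    0: [b"XPRT\x01\x00" + bytes([i, (i * 3) % 256]) for i in range(10)],
    1: [b"XPRT\x01\x01" + bytes([255 - i, i]) for i in range(10)],
    2: [b"\x7fQ\x00\x10" + bytes([i, i + 1, i + 2, i + 3]) for i in range(10)],
}

if __name__ == "__main__":
    print(merge_similar_clusters(CLUSTERS))
```

Labels 0 and 1 share five of seven frequent (offset, byte) pairs and are unified under one label, while label 2 shares none and stays separate.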

Description

Technical field

[0001] The invention relates to a traffic classification method oriented to an application layer unknown network protocol, and belongs to the technical field of network measurement.

Background technique

[0002] With the increase in the types of Internet applications, the amount of data transmission in the network continues to expand, which brings challenges to network management and may lead to security problems such as network attacks. Therefore, effective regulation of cybersecurity is crucial. The main purpose of network traffic classification is to help network administrators process, control and classify traffic, so as to monitor network status and optimize network services. Therefore, it can be used for quality of service provision, traffic monitoring, and anomaly detection.

[0003] The existing traffic classification methods mainly include rule-based methods and statistical methods. Rule-based methods can be divided into port-based and load-based ...


Application Information

IPC(8): H04L47/10, H04L69/329
CPC: H04L47/10, H04L69/329
Inventor: 吴桦, 崔超群, 程光
Owner SOUTHEAST UNIV