面向链路比特流的未知帧关联分析

doi:10.11999/JEIT160289

摘要
图/表
参考文献(17)
相关文章 (7)

全文: PDF (262 KB)
输出: BibTeX | EndNote (RIS)

摘要

在电子对抗中，截获到对方的通信比特流序列之后，当链路协议类型未知时，现有的协议解析工具往往无法分析比特流所承载的有用信息。为了获取比特流承载信息，首先需要切分比特流得到链路帧。该文根据链路帧结构的一般规律，提出一种基于数据挖掘的比特流切分算法。通过频繁序列统计、关联规则分析以及关联规则整合，识别出比特流中标识帧起始的多重关联规则序列。测试结果表明，该算法能够从未知比特流中提取有效的切分标识，正确实现比特流切分。与同类基于数据挖掘的比特流分析方法相比，该算法复杂度低，输出结果唯一且可信度高。

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	薛开平
	柳彬
	王劲松
	李威
	薛颖杰

关键词 ：链路比特流, 未知帧, 频繁统计, 关联分析, 切分

Abstract：

In the electronic countermeasure, the opponent’s bit stream can be captured. However, without any knowledge about the type of data link protocol, the existing protocol analyzing tools can not analyze the useful information from the bit stream. To further get the carried?information, the bit stream should be segmented to frames firstly. According to the general rules of frame structure, a bit stream segmentation algorithm is proposed based on data mining, in which, the multi-association rule indicating the beginning of frames can be identified by using frequent sequence statistics, association analysis and association rules integration. The test results show that, this algorithm can extract the valid segmentation flag from unknown bit stream and segment the bit stream correctly. Compared to the similar data mining based bit stream analyzing algorithms, this algorithm can be more efficient and produce a unique result which is of high reliability.

Key words： Data link bit stream Unknown frame Frequent statistics Association analysis Segmentation

收稿日期: 2016-03-28 出版日期: 2016-10-09

PACS:

TP393

基金资助:

国家自然科学基金(61379129)，中国科学院青年创新促进会人才基金(2016394)

通讯作者: 薛开平 E-mail: kpxue@ustc.edu.cn

作者简介: 薛开平：男，1980年生，副教授，研究方向为下一代Internet网络、网络安全与分布式网络. 柳彬：男，1991年生，硕士生，研究方向为网络安全与协议分析. 王劲松：男，1980年生，工程师，研究方向为大数据挖掘和数据可视化. 李威：男，1992年生，硕士生，研究方向为网络安全协议设计与分析. 薛颖杰：女，1992年生，硕士生，研究方向为网络安全和加密技术.

引用本文:

薛开平,柳彬,王劲松,李威,薛颖杰. 面向链路比特流的未知帧关联分析[J]. 电子与信息学报, 2017, 39(2): 374-380. XUE Kaiping, LIU Bin, WANG Jinsong, LI Wei, XUE Yingjie. Data Link Bit Stream Oriented Association Analysis on Unknown Frame. JEIT, 2017, 39(2): 374-380.

链接本文:

http://jeit.ie.ac.cn/CN/10.11999/JEIT160289 或 http://jeit.ie.ac.cn/CN/Y2017/V39/I2/374

[1]	WRIGHT C, MONROSE F, and MASSON G M. HMM profiles for network traffic classification[C]. Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security. ACM, Washington, D.C., USA, 2004: 9-15. doi: 10.1145/1029208.1029211.
[2]	孙钦东, 郭晓军, 黄新波. 基于多模式匹配的网络视频流识别与分类算法[J]. 电子与信息学报, 2009, 31(3): 759-762. doi: 10.3724/SP.J.1146.2008.00301.
	SUN Q, GUO X, and HUANG X. Algorithm of network video stream recognition and classification based on multi-pattern matching[J]. Journal of Electronics & Information Technology, 2009, 31(3): 759-762. doi: 10.3724/SP.J.1146.2008.00301.
[3]	王变琴, 余顺争. 未知网络应用流量的自动提取方法[J]. 通信学报, 2014, 35(7): 164-171. doi: 10.3969/j.issn.1000-436x. 2014.07.020.
	WANG B and YU S. Automatic extraction for the traffic of unknown network applications[J]. Journal on Communications, 2014, 35(7): 164-171. doi: 10.3969/j.issn. 1000-436x.2014.07.020.
[4]	高长喜, 吴亚飚, 王枞. 基于抽样分组长度分布的加密流量应用识别[J]. 通信学报, 2015, 36(9): 65-75. doi: 10.11959/j.issn. 1000-436x.2015171.
	GAO C, WU Y, and WANG C. Encrypted traffic classification based on packet length distribution of sampling sequence[J]. Journal on Communications, 2015, 36(9): 65-75. doi: 10.11959/j.issn.1000-436x.2015171.
[5]	朱玉娜, 韩继红, 袁霖, 等. SPFPA: 一种面向未知安全协议的格式解析方法[J]. 计算机研究与发展, 2015, 52(10): 2200-2211. doi: 10.7544/issn1000-1239.2015.20150568.
	ZHU Y, HAN J, YUAN L, et al. SPFPA: A format parsing approach for unknown security protocols[J]. Journal of Computer Research and Development, 2015, 52(10): 2200-2211. doi: 10.7544/issn1000-1239.2015.20150568.
[6]	朱玉娜, 韩继红, 袁霖, 等. 基于主体行为的多方安全协议会话识别方法[J]. 通信学报, 2015, 36(11): 190-200. doi: 10.11959/j.issn.1000-436x.2015273.
	ZHU Y, HAN J, YUAN L, et al. Towards session identification using principal behavior for multi-party secure protocol[J]. Journal on Communications, 2015, 36(11): 190-200. doi: 10.11959/j.issn.1000-436x.2015273.
[7]	邢萌, 王韬, 吴杨, 等. 一种提高链路层加密比特流识别率的新方法[J]. 计算机应用研究, 2015, 32(11): 3443-3447. doi: 10.3969/j.issn.1001-3695.2015.11.057.
	XING M, WANG T, WU Y, et al. New method to improve identification rate of encrypted bit stream in data link layer[J]. Application Research of Computers, 2015, 32(11): 3443-3447. doi: 10.3969/j.issn.1001-3695.2015.11.057.
[8]	郑杰, 朱强. 未知单协议数据帧的地址分析与研究[J]. 计算机科学, 2015, 42(11): 184-187. doi: 10.11896/j.issn.1002-137X. 2015.11.038.
	ZHENG J and ZHU Q. Analysis and research on address message of unknown single protocol data frame[J]. Computer Science, 2015, 42(11): 184-187. doi: 10.11896/j.issn. 1002-137X.2015.11.038.
[9]	金凌. 面向比特流的未知帧头识别技术研究[D]. [硕士论文], 上海交通大学, 2011.
	JIN L. Study on bit stream oriented unknown frame head identification[D]. [Master dissertation], Shanghai Jiao Tong University, 2011.
[10]	WU X, ZHU X, WU G Q, et al. Data mining with big data[J]. IEEE Transactions on Knowledge and Data Engineering, 2014, 26(1): 97-107. doi: 10.1109/TKDE.2013.109.
[11]	王和洲, 薛开平, 洪佩琳, 等. 基于频繁统计和关联规则的未知链路协议比特流切割算法[J]. 中国科学技术大学学报, 2013, 43(7): 554-560. doi: 10.3969/j.issn.0253-2778.2013.07.006.
	WANG H, XUE K, HONG P, et al. An unknown link protocol bit stream segmentation algorithm based on frequent statistics and association rules[J]. Journal of University of Science and Technology of China, 2013, 43(7): 554-560. doi: 10.3969/j.issn.0253-2778.2013.07.006.
[12]	AGRAWAL R, IMIELINSKI T, and SWAMI A. Mining association rules between sets of items in large databases[C]. Proceedings of ACM SIGMOD International Conference on Management of Data. Washington, D.C, USA, 1993: 207-216. doi: 10.1145/170036.170072.
[13]	KNUTH D E, MORRIS,J J H, and PRATT V R. Fast pattern matching in strings[J]. SIAM Journal on Computing, 1977, 6(2): 323-350. doi: 10.1137/0206024.
[14]	BOYER R S and MOORE J S. A fast string searching algorithm[J]. Communications of the ACM, 1977, 20(10): 762-772. doi: 10.1145/359842.359859.
[15]	HONG Y D, KE X, and YONG C. An improved Wu-Manber multiple patterns matching algorithm[C]. IEEE Performance, Computing and Communications Conference, Phoenix, Arizona, USA, 2006: 674-680. doi: 10.1109/.2006.1629469.
[16]	FAN J J and SU K Y. An efficient algorithm for matching multiple patterns[J]. IEEE Transactions on Knowledge and Data Engineering, 1993, 5(2): 339-351. doi: 10.1109/69.219740.
[17]	AHO A V and CORASICK M J. Efficient string matching: an aid to bibliographic search[J]. Communications of the ACM, 1975, 18(6): 333-340. doi: 10.1145/360825.360855.