Data Link Bit Stream Oriented Association Analysis on Unknown Frame

XUE Kaiping① LIU Bin① WANG Jinsong② LI Wei① XUE Yingjie①
①(School of Information Science and Technology, University of Science and Technology of China, Hefei 230027, China)
②(Southwest Electronics and Telecommunication Technology Research Institute, Chengdu 610041, China)
Abstract: In electronic countermeasures, the opponent's bit stream can be captured. However, without any knowledge of the data link protocol type, existing protocol analysis tools cannot extract useful information from the bit stream. To recover the carried information, the bit stream must first be segmented into frames. Based on the general rules of frame structure, a data-mining-based bit stream segmentation algorithm is proposed, in which the multi-association rule indicating the beginning of frames is identified using frequent sequence statistics, association analysis and association rule integration. The test results show that this algorithm can extract the valid segmentation flag from an unknown bit stream and segment the bit stream correctly. Compared with similar data-mining-based bit stream analysis algorithms, this algorithm can be more efficient and produce a unique result of high reliability.

Received: 28 March 2016
Published: 09 October 2016

Fund: The National Natural Science Foundation of China (61379129), Youth Innovation Promotion Association CAS (2016394)
Corresponding Authors:
XUE Kaiping
E-mail: kpxue@ustc.edu.cn