面向链路比特流的未知帧关联分析

薛开平; 柳彬; 王劲松; 李威; 薛颖杰

doi:10.11999/JEIT160289

面向链路比特流的未知帧关联分析

doi: 10.11999/JEIT160289

1.
(中国科学技术大学信息科学技术学院合肥 230027) ②(西南电子电信技术研究所成都 610041)

基金项目:

国家自然科学基金(61379129)，中国科学院青年创新促进会人才基金(2016394)

计量
- 文章访问数: 1361
- HTML全文浏览量: 190
- PDF下载量: 469
- 被引次数: 0
出版历程
- 收稿日期: 2016-03-28
- 修回日期: 2016-07-25
- 刊出日期: 2017-02-19

Data Link Bit Stream Oriented Association Analysis on Unknown Frame

1.
(School of Information Science and Technology, University of Science and Technology of China, Hefei 230027, China)
2.
(Southwest Electronics and Telecommunication Technology Research Institute, Chengdu 610041, China)

Funds:

The National Natural Science Foundation of China (61379129), Youth Innovation Promotion Association CAS (2016394)

摘要

摘要: 在电子对抗中，截获到对方的通信比特流序列之后，当链路协议类型未知时，现有的协议解析工具往往无法分析比特流所承载的有用信息。为了获取比特流承载信息，首先需要切分比特流得到链路帧。该文根据链路帧结构的一般规律，提出一种基于数据挖掘的比特流切分算法。通过频繁序列统计、关联规则分析以及关联规则整合，识别出比特流中标识帧起始的多重关联规则序列。测试结果表明，该算法能够从未知比特流中提取有效的切分标识，正确实现比特流切分。与同类基于数据挖掘的比特流分析方法相比，该算法复杂度低，输出结果唯一且可信度高。
- 链路比特流 /
- 未知帧 /
- 频繁统计 /
- 关联分析 /
- 切分
Abstract: In the electronic countermeasure, the opponents bit stream can be captured. However, without any knowledge about the type of data link protocol, the existing protocol analyzing tools can not analyze the useful information from the bit stream. To further get the carried?information, the bit stream should be segmented to frames firstly. According to the general rules of frame structure, a bit stream segmentation algorithm is proposed based on data mining, in which, the multi-association rule indicating the beginning of frames can be identified by using frequent sequence statistics, association analysis and association rules integration. The test results show that, this algorithm can extract the valid segmentation flag from unknown bit stream and segment the bit stream correctly. Compared to the similar data mining based bit stream analyzing algorithms, this algorithm can be more efficient and produce a unique result which is of high reliability.
- Data link bit stream /
- Unknown frame /
- Frequent statistics /
- Association analysis /
- Segmentation

HTML全文

参考文献(26)

WRIGHT C, MONROSE F, and MASSON G M. HMM profiles for network traffic classification[C]. Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security. ACM, Washington, D.C., USA, 2004: 9-15. doi: 10.1145/1029208.1029211.

孙钦东, 郭晓军, 黄新波. 基于多模式匹配的网络视频流识别与分类算法[J]. 电子与信息学报, 2009, 31(3): 759-762. doi: 10.3724/SP.J.1146.2008.00301.

SUN Q, GUO X, and HUANG X. Algorithm of network video stream recognition and classification based on multi-pattern matching[J]. Journal of Electronics Information Technology, 2009, 31(3): 759-762. doi: 10.3724/SP.J.1146.2008.00301.

王变琴, 余顺争. 未知网络应用流量的自动提取方法[J]. 通信学报, 2014, 35(7): 164-171. doi: 10.3969/j.issn.1000-436x. 2014.07.020.

WANG B and YU S. Automatic extraction for the traffic of unknown network applications[J]. Journal on Communications, 2014, 35(7): 164-171. doi: 10.3969/j.issn. 1000-436x.2014.07.020.

高长喜, 吴亚飚, 王枞. 基于抽样分组长度分布的加密流量应用识别[J]. 通信学报, 2015, 36(9): 65-75. doi: 10.11959/j.issn. 1000-436x.2015171.

GAO C, WU Y, and WANG C. Encrypted traffic classification based on packet length distribution of sampling sequence[J]. Journal on Communications, 2015, 36(9): 65-75. doi: 10.11959/j.issn.1000-436x.2015171.

朱玉娜, 韩继红, 袁霖, 等. SPFPA: 一种面向未知安全协议的格式解析方法[J]. 计算机研究与发展, 2015, 52(10): 2200-2211. doi: 10.7544/issn1000-1239.2015.20150568.

ZHU Y, HAN J, YUAN L, et al. SPFPA: A format parsing approach for unknown security protocols[J]. Journal of Computer Research and Development, 2015, 52(10): 2200-2211. doi: 10.7544/issn1000-1239.2015.20150568.

朱玉娜, 韩继红, 袁霖, 等. 基于主体行为的多方安全协议会话识别方法[J]. 通信学报, 2015, 36(11): 190-200. doi: 10.11959/j.issn.1000-436x.2015273.

ZHU Y, HAN J, YUAN L, et al. Towards session identification using principal behavior for multi-party secure protocol[J]. Journal on Communications, 2015, 36(11): 190-200. doi: 10.11959/j.issn.1000-436x.2015273.

邢萌, 王韬, 吴杨, 等. 一种提高链路层加密比特流识别率的新方法[J]. 计算机应用研究, 2015, 32(11): 3443-3447. doi: 10.3969/j.issn.1001-3695.2015.11.057.

XING M, WANG T, WU Y, et al. New method to improve identification rate of encrypted bit stream in data link layer[J]. Application Research of Computers, 2015, 32(11): 3443-3447. doi: 10.3969/j.issn.1001-3695.2015.11.057.

郑杰, 朱强. 未知单协议数据帧的地址分析与研究[J]. 计算机科学, 2015, 42(11): 184-187. doi: 10.11896/j.issn.1002-137X. 2015.11.038.

ZHENG J and ZHU Q. Analysis and research on address message of unknown single protocol data frame[J]. Computer Science, 2015, 42(11): 184-187. doi: 10.11896/j.issn. 1002-137X.2015.11.038.

金凌. 面向比特流的未知帧头识别技术研究[D]. [硕士论文], 上海交通大学, 2011.

JIN L. Study on bit stream oriented unknown frame head identification[D]. [Master dissertation], Shanghai Jiao Tong University, 2011.

WU X, ZHU X, WU G Q, et al. Data mining with big data[J]. IEEE Transactions on Knowledge and Data Engineering, 2014, 26(1): 97-107. doi: 10.1109/TKDE.2013.109.

王和洲, 薛开平, 洪佩琳, 等. 基于频繁统计和关联规则的未知链路协议比特流切割算法[J]. 中国科学技术大学学报, 2013, 43(7): 554-560. doi: 10.3969/j.issn.0253-2778.2013.07.006.

WANG H, XUE K, HONG P, et al. An unknown link protocol bit stream segmentation algorithm based on frequent statistics and association rules[J]. Journal of University of Science and Technology of China, 2013, 43(7): 554-560. doi: 10.3969/j.issn.0253-2778.2013.07.006.

AGRAWAL R, IMIELINSKI T, and SWAMI A. Mining association rules between sets of items in large databases[C]. Proceedings of ACM SIGMOD International Conference on Management of Data. Washington, D.C, USA, 1993: 207-216. doi: 10.1145/170036.170072.

KNUTH D E, MORRIS,J J H, and PRATT V R. Fast pattern matching in strings[J]. SIAM Journal on Computing, 1977, 6(2): 323-350. doi: 10.1137/0206024.

BOYER R S and MOORE J S. A fast string searching algorithm[J]. Communications of the ACM, 1977, 20(10): 762-772. doi: 10.1145/359842.359859.

HONG Y D, KE X, and YONG C. An improved Wu-Manber multiple patterns matching algorithm[C]. IEEE Performance, Computing and Communications Conference, Phoenix, Arizona, USA, 2006: 674-680. doi: 10.1109/.2006.1629469.

FAN J J and SU K Y. An efficient algorithm for matching multiple patterns[J]. IEEE Transactions on Knowledge and Data Engineering, 1993, 5(2): 339-351. doi: 10.1109/69.219740.

AHO A V and CORASICK M J. Efficient string matching: an aid to bibliographic search[J]. Communications of the ACM, 1975, 18(6): 333-340. doi: 10.1145/360825.360855.

施引文献

资源附件(0)

访问统计