Data Link Bit Stream Oriented Association Analysis on Unknown Frame
doi: 10.11999/JEIT160289 cstr: 32379.14.JEIT160289
1. (School of Information Science and Technology, University of Science and Technology of China, Hefei 230027, China)
2. (Southwest Electronics and Telecommunication Technology Research Institute, Chengdu 610041, China)
The National Natural Science Foundation of China (61379129), Youth Innovation Promotion Association CAS (2016394)
Abstract: In electronic countermeasures, the opponent's communication bit stream can be captured. However, when the type of data link protocol is unknown, existing protocol analysis tools often cannot extract the useful information carried by the bit stream. To obtain the carried information, the bit stream must first be segmented into link frames. Based on the general rules of frame structure, a data-mining-based bit stream segmentation algorithm is proposed, in which the multi-association rule sequence marking the beginning of frames is identified through frequent sequence statistics, association rule analysis and association rule integration. The test results show that this algorithm can extract valid segmentation flags from an unknown bit stream and segment the bit stream correctly. Compared with similar data-mining-based bit stream analysis methods, this algorithm has lower complexity and produces a unique result of high reliability.
Key words:
- Data link bit stream
- Unknown frame
- Frequent statistics
- Association analysis
- Segmentation
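
One way to realize the frequent-sequence and association-rule idea from the abstract, shown as an added example (not the paper's algorithm or code): it counts 8-bit sequences, ranks rules "A is directly followed by B" by confidence, and cuts a constructed HDLC-like stream at the strongest rule. The flag and address values, the window size, the support threshold and all function names are assumptions made for the example.

```python
import random
from collections import Counter

FLAG, ADDR = "01111110", "10100101"  # constructed header fields (assumed, not from the paper)

def stuff(bits):
    """HDLC-style bit stuffing: insert a 0 after five consecutive 1s."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)

def make_stream(n_frames=200, seed=7):
    """Constructed capture: FLAG + stuff(ADDR + random payload), back to back."""
    rng = random.Random(seed)
    frames = []
    for _ in range(n_frames):
        size = 32 + rng.getrandbits(5)  # payload length 32..63 bits
        payload = format(rng.getrandbits(size), f"0{size}b")
        frames.append(FLAG + stuff(ADDR + payload))
    return "".join(frames), frames

def mine_header(stream, k=8, min_support=0.002):
    """Return the strongest rule A -> B (B directly follows A) and its confidence."""
    n = len(stream) - 2 * k + 1
    support = Counter(stream[i:i + k] for i in range(n))    # frequent-sequence statistics
    pairs = Counter(stream[i:i + 2 * k] for i in range(n))  # A immediately followed by B
    rules = [(cnt / support[ab[:k]], cnt, ab)
             for ab, cnt in pairs.items()
             if support[ab[:k]] >= min_support * n]         # keep frequent antecedents only
    conf, _, header = max(rules)  # highest confidence, ties broken by rule count
    return header, conf

def segment(stream, header):
    """Cut the stream at every occurrence of the mined header."""
    starts, i = [], stream.find(header)
    while i != -1:
        starts.append(i)
        i = stream.find(header, i + 1)
    return [stream[a:b] for a, b in zip(starts, starts[1:] + [len(stream)])]

if __name__ == "__main__":
    stream, frames = make_stream()
    header, conf = mine_header(stream)
    print(header, conf, len(segment(stream, header)))
```

Frequency alone does not single out the flag in this stream: every shifted 8-bit window over the header occurs at least as often as the flag itself, and it is the rule confidence that marks the true frame start.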