Association Analysis and Identification of Unknown Bitstream Protocols Based on Composite Feature Sets

Detailed description

Bibliographic details
Published in: IEEE Access 2021, Vol. 9, p. 164454-164465
Main authors: Wang, Shucheng; Guo, Fan; Fan, Yong; Wu, Jing
Format: Article
Language: eng
Online access: Full text

Description
Summary: Concomitant with the rapid development of network communications technology, the analysis of communication protocols has become indispensable in the maintenance of daily network security. Common protocol analysis methods predominantly analyze protocols using known information, such as fixed port numbers; however, these methods have significant limitations. In the current network environment, the proportion of undisclosed protocols is increasing daily, and the information related to such protocols is difficult to obtain and sometimes fails because of the particularity of the unknown protocol format. Therefore, it is crucial to analyze unknown protocols in the context of less prior knowledge. To solve this problem, this paper proposes a novel protocol identification method in which association analysis and identification of unknown bitstream protocols are first carried out based on composite feature sets. Furthermore, data mining and statistics-related knowledge are applied to realize protocol message-type identification and protocol message-format analysis. The results of experiments conducted on the bitstream protocol dataset verify that the proposed method can accurately identify different message types. Specifically, taking the ICMP and ARP protocols as examples, the proposed method could effectively infer the main features, which is helpful for further protocol information extraction and analysis.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2021.3134697