Rule Extraction And Optimization Strategy For Application Protocols

Posted on: 2012-01-01
Degree: Master
Type: Thesis
Country: China
Candidate: N Lin
GTID: 2178330332497939
Subject: Information security
ABSTRACT: With the rapid development of computer network technology, global informatization has become a major trend in the development of human society. Meanwhile, network information security has become a critical issue in the information age. Accurately identifying the protocol of each data stream on the Internet is of great significance to network administrators, researchers, service providers and users. It is the premise and foundation for distinguishing different flows for uses such as service, intrusion detection, QoS, traffic monitoring and billing management, and for analyzing user behavior. In this paper, we first analyze the current state and existing methods of application protocol identification technology. In addition, as theoretical preparation for rule extraction, we introduce the Snort system and the content of Snort rules. Then, taking the QQ war platform as an example of rule extraction based on Snort, we explain the method and process of rule extraction and summarize the problems that arise in the extraction process.
The specific extraction process includes the following steps: using Wireshark to capture data packets, analyzing the packets, writing Snort rules for specific information, loading the rules, testing the recognition effect, and checking the accuracy of the logs. In addition, the paper consolidates the data packets of different application protocols gathered in the process of extracting rules. The protocols include the traditional protocol class, stock trade class, instant information class, streaming media class, network games class, Internet phone class, network television class and P2P download class. At the same time, we retain the original data packets to form a packet sample library. This result is of great significance for subsequent research work, including network environment testing, automatic identification testing and verification of data packet rules. The paper also introduces a variety of matching algorithms and the alignment algorithm, and proposes an improved algorithm based on CMENW for the automatic extraction of application protocol data packets. Automatic extraction makes rule extraction more accurate and more efficient, and it is the optimization strategy for extracting application protocol rules. Finally, the paper uses QQ BattleZone and My Own Swordsman as examples to show how the improved algorithm is used in the automatic extraction process for application protocol packets.
Keywords/Search Tags:Application Protocol, Rule extraction, Data packet, Snort
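
The automatic-extraction idea from the abstract, as an added example that is not code from the thesis: two constructed payloads of a hypothetical protocol are aligned with plain Needleman-Wunsch global alignment (a standard alignment algorithm, not the thesis's improved CMENW-based algorithm, which the abstract does not describe), and the conserved byte runs are emitted as Snort `content` matches. The payloads, function names, scoring values, rule header and sid are assumptions.

```python
# Added example: plain Needleman-Wunsch, not the thesis's CMENW-based algorithm.
def align(a: bytes, b: bytes, match=2, mismatch=-1, gap=-1):
    """Globally align a and b; return the (i, j) index pairs placed in one column."""
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * gap
    for j in range(1, m + 1):
        score[0][j] = j * gap
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            sub = match if a[i - 1] == b[j - 1] else mismatch
            score[i][j] = max(score[i - 1][j - 1] + sub,
                              score[i - 1][j] + gap, score[i][j - 1] + gap)
    pairs, i, j = [], n, m
    while i > 0 and j > 0:  # trace one optimal path back from the corner
        sub = match if a[i - 1] == b[j - 1] else mismatch
        if score[i][j] == score[i - 1][j - 1] + sub:
            pairs.append((i - 1, j - 1))
            i, j = i - 1, j - 1
        elif score[i][j] == score[i - 1][j] + gap:
            i -= 1
        else:
            j -= 1
    return pairs[::-1]

def conserved_runs(a: bytes, b: bytes, min_len=3):
    """Byte runs identical and contiguous in both payloads: candidate signatures."""
    runs, cur, prev = [], bytearray(), None
    for i, j in align(a, b):
        same = a[i] == b[j]
        if same and (not cur or prev == (i - 1, j - 1)):
            cur.append(a[i])
        else:  # mismatch, or a match after an alignment gap: close the current run
            if len(cur) >= min_len:
                runs.append(bytes(cur))
            cur = bytearray([a[i]]) if same else bytearray()
        prev = (i, j)
    if len(cur) >= min_len:
        runs.append(bytes(cur))
    return runs

def snort_rule(runs, msg, sid):
    """Render the runs as hex content matches in a Snort rule (generic header assumed)."""
    contents = " ".join('content:"|%s|";' % r.hex(" ").upper() for r in runs)
    return f'alert tcp any any -> any any (msg:"{msg}"; {contents} sid:{sid}; rev:1;)'

# Constructed payloads of a hypothetical protocol: fixed header, variable name, fixed trailer.
PKT_A = b"\xfe\x01LOGIN" + b"alice" + b"\x00\x00END"
PKT_B = b"\xfe\x01LOGIN" + b"bob" + b"\x00\x00END"

if __name__ == "__main__":
    print(snort_rule(conserved_runs(PKT_A, PKT_B), "constructed demo protocol", 1000001))
```

A rule derived from only two samples over-fits; in the manual workflow the abstract lists, the loading, testing and log-checking steps against the retained packet sample library are where that would show up.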