The Study On Protocol Identification Technology

Posted on: 2009-08-11
Degree: Master
Type: Thesis
Country: China
Candidate: S Y Zhu
Full Text: PDF
GTID: 2178360278456636
Subject: Military communications science

Abstract/Summary:
With the development of network technology, and especially with the popularization of the Internet, network information security and countermeasures have become extremely important issues of the information age. As a foundational technique, protocol identification is the precondition for network security and countermeasure techniques. But as network protocols have developed, some new protocols use dynamic ports or cryptography, and the limits of traditional protocol identification techniques are becoming more and more obvious. This thesis therefore carries out some research on protocol identification.

Firstly, the traditional techniques of protocol identification are summarized, such as identification based on port mapping, static characteristics mapping, dynamic action characteristics mapping and so on, and the mechanisms and limits of these technologies are analyzed. Then we mainly study the pattern matching algorithm and analyze a better algorithm, which has a longer search step and a faster search speed than the BM algorithm.

Secondly, a protocol identification technique using Profile Hidden Markov Models (HMM) is studied and improved. It is based on statistical characteristics and chooses features that are insensitive to encryption, such as packet sizes, arrival times, etc. We put forward an identification technique using HMM with multiple features. We then employ a k-means clustering approach and a vector quantization technique to transform our two-dimensional tuple of into one-dimensional data, so that we can use the same type of models and techniques to deal with timing and size information simultaneously. Experimental results show that, compared with traditional techniques, our technique can substantially increase recognition accuracy and can be applied in encrypted environments.

In the end, we do some research on identification techniques for P2P protocols. A P2P protocol identification technique based on Deep Packet Inspection (DPI) is analyzed first, covering its advantages and limits. Considering its disadvantages, we then put forward a P2P protocol identification algorithm based on traffic characteristics, which has better scalability and efficiency. Finally, a P2P protocol identification model is designed.
Keywords/Search Tags: protocol identification, pattern matching algorithm, HMM, P2P, traffic characteristic