Research And Implementation Of Network Traffic Signature Codes Automatic Extraction System

Posted on: 2011-07-03
Degree: Master
Type: Thesis
Country: China
Candidate: H B Xu
Full Text: PDF
GTID: 2178360308461883
Subject: Signal and Information Processing
Abstract/Summary:
The goal of protocol identification technology is to inspect the data flows of a target network, analyze them, and determine which protocol each flow uses. The current era is the era of information technology, which is a great achievement in human history. Network use has reached every corner of our world, and more and more people cannot live well without the network. To use the network more effectively, many issues must be considered. For example, preparatory work should be done before the network is deployed so that the right measures can be taken when problems appear. All of this relates to protocol identification technology.

In addition, as networks develop they offer more and more services. Some of these services require payment, and as the number of service types grows, billing based on the individual service is becoming an urgent need. Reaching this goal requires protocol identification technology. Moreover, as the number of users increases, there will certainly be many factors that threaten security, and protocol identification is needed to prevent them from spreading.

It is therefore of great value to study network flow identification technology. The most common technologies today identify traffic based on ports, based on payload (load), and based on estimation. Among these, the payload-based method is accurate enough that it is widely used. One of the most important preconditions of this method is obtaining the signature codes of protocols; these codes are then used for pattern matching, and through these steps the network flow is identified. A well-designed signature code identification system therefore has an important influence on realizing payload-based identification. However, earlier signature identification work was done mainly by hand, and its workload is undoubtedly high.

Considering this, this paper puts forward a signature code identification system based on the GSP algorithm. The new design and its implementation are given, and finally some tests using application protocols are carried out.

The paper first introduces the background of network flow identification technology and the common identification technologies in use today. By contrasting them, it highlights the advantage of the payload-based method and shows that the key step is obtaining the signature codes. This explains the main research content and direction of the paper.

Secondly, some common protocol identification methods are presented: those based on ports, on estimation, and on payload. The principles and characteristics of each method are introduced, and their accuracy and identification efficiency are compared. This analysis shows that signature code identification is of great importance to payload-based identification. Some common application protocols are also presented, including HTTP, SMTP, POP3 and FTP. The purpose of these introductions is to clarify how each protocol works and how a typical network flow exchange proceeds, and from that to gain an elementary knowledge of signature codes.

After these two steps, an improved GSP algorithm and its sequential pattern mining technology are presented. The paper focuses on the basic concepts and core ideas of the GSP algorithm, then analyzes the improved GSP algorithm in detail and implements it. A new design of an improved algorithm based on signature codes is given. In addition, the system's framework, the structure and implementation of each module, and the description of data processing are covered. Finally, some tests based on protocols such as HTTP, SMTP and FTP are carried out, and the results and performance analysis are shown at the end of the paper.
Keywords/Search Tags:Protocol identification, Sequential pattern, GSP algorithm, Signature extraction
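
The abstract does not give the details of the improved GSP algorithm, so the following is an added example, not code from the thesis: a simplified level-wise (GSP/Apriori-style) miner that extracts candidate signature codes as maximal frequent contiguous byte sequences from first-packet payloads. The names `mine_signatures` and `FLOWS`, the support threshold, and the sample payloads are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed first-packet payloads for one protocol (not captured traffic).
FLOWS = [
    b"GET /index.html HTTP/1.1\r\nHost: a.example\r\n",
    b"GET /img/logo.png HTTP/1.1\r\nHost: b.example\r\n",
    b"GET /api/v1/items HTTP/1.1\r\nHost: c.example\r\n",
    b"POST /login HTTP/1.1\r\nHost: a.example\r\n",
]

def mine_signatures(flows, min_support=0.75, min_len=3):
    """Return maximal byte strings found in >= min_support of the flows."""
    need = min_support * len(flows)

    def frequent(cands, k):
        # Support = number of flows containing the pattern at least once.
        counts = Counter()
        for payload in flows:
            seen = {payload[i:i + k] for i in range(len(payload) - k + 1)}
            counts.update(seen if cands is None else seen & cands)
        return {p for p, c in counts.items() if c >= need}

    levels, k = [], 1
    level = frequent(None, 1)            # frequent single bytes
    while level:
        levels.append(level)
        # GSP-style join: p and q combine when p minus its first byte
        # equals q minus its last byte, giving a (k+1)-byte candidate.
        by_prefix = defaultdict(list)
        for q in level:
            by_prefix[q[:-1]].append(q)
        cands = {p + q[-1:] for p in level for q in by_prefix[p[1:]]}
        k += 1
        level = frequent(cands, k)       # count support for candidates only

    sigs = []
    for i, lvl in enumerate(levels):
        longer = levels[i + 1] if i + 1 < len(levels) else set()
        # A pattern is not maximal if a frequent pattern one byte longer covers it.
        covered = {s[:-1] for s in longer} | {s[1:] for s in longer}
        sigs += [p for p in lvl - covered if len(p) >= min_len]
    return sorted(sigs, key=lambda p: (-len(p), p))

if __name__ == "__main__":
    for sig in mine_signatures(FLOWS):
        print(sig)
```

On this sample the miner also returns `b".example\r\n"`, an artifact of the training hosts rather than of the protocol, so mined signatures should be checked against traffic from other sources before they are used for matching.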