Research On Bit-stream Oriented Link Protocol Identification And Analysis Techniques

In military and commercial communication, monitoring the channel is essential for the need of security concern, and protocol identification is a main method to solve this problem. While protocol identification technology on the high-level protocols is relatively mature, it is lack of research on the link layer. In monitoring wireless channels, electronic countermeasures, satellite communications and other fields, the protocol identification and frame segmenting technology has practical needs. There are two difficulties in this particular research. Firstly, the character set of target bit-stream data is so particular that the recognition efficiency of analysis is severely limited. Secondly, because most of the existed link layer protocols are secret, we couldn’t get any information about these protocols and then it’s difficult to separate frames. This thesis focuses on the research of bit-stream oriented link protocol identification and analysis techniques, and proposes my own solutions on these two problems respectively.1) The problem that how to improve the efficiency of typical link-layer protocol analysis and identify:Through thorough analysis we find that the efficiency is limited by pattern matching algorithms. The reason is that these typical matching algorithms cannot be adapted to the bit-streams. For this special data form, combining the classic Quick Search algorithm with the characteristics of bit-stream, we proposed one optimization algorithm named QS coding algorithm. The experiments result shows that my algorithm is effective and has advantages than other schemes.2) The challenge that how to extract each frame from the bit-stream without knowing the frame structure:To solve this problem, a bit stream segmentation algorithm that based on data mining is proposed. First, we analyze the structure of protocol frames as well as the correlation inside, which are in the data stream. Then by using frequent statistics and verifying with association rules, it recognizes and extracts the characteristic sequences which mark the start and the end of a frame, as well as association rule sequences from the data stream. And finally segments the bit stream on the basis of these sequences. According to a threshold N on the amount of results, it could provide N kinds of most feasible segmentation plans. Experiments show that the proposed algorithm is effective and robust.