The Recognization And Analysis Of The Unknown Protocol Fingerprint Features In Wireless Network

Posted on: 2015-05-07  Degree: Master  Type: Thesis
Country: China  Candidate: N Zhang
GTID: 2308330473950822  Subject: Software engineering
Abstract/Summary:
With its high flexibility and mobility, the wireless network has already dramatically influenced people's work and lives. As the security requirements of wireless networks become more and more significant, security supervision and optimization need to keep pace with the attention this issue receives. Because many protocols in wireless networks are proprietary and have no publicly released specifications, we propose a method, based on protocol reverse engineering, that recognizes unknown protocols by their fingerprint features. With this method, our aim is to support wireless security detection so that security issues are noticed in time.

To recognize unknown protocols in a wireless network, we first need to recognize whole frames in wireless bit streams. Second, we need to find the right protocol features in the data frames. Finally, we need to describe the protocol fingerprint features suitably. We propose three methods to solve these problems: data frame location based on preamble identification, protocol feature recognition based on keywords, and protocol fingerprint feature models based on the FSM.

In data frame location based on preamble identification, we use an improved AC algorithm to find the frequent sequences, split them using location information to create the preamble candidate set, and then locate the data frames. In protocol feature recognition based on keywords, finding the keywords is the significant technique. We use data unit location, the Jaccard index and datagram replay to extract keywords accurately. In the protocol fingerprint feature models based on the FSM, the protocol feature description model and the state description model together capture the protocol features and status information completely and in sequence, so that all kinds of protocol features can be included to recognize the protocol completely.

To verify the method of recognizing unknown protocols by their fingerprint features, we tested each step involved in this technique on the DARPA dataset with several criteria. Our results showed that the precision and recall of this method could reach 100%, indicating that the proposed method can correctly extract fingerprint features from protocols and identify unknown protocols.
Keywords/Search Tags: fingerprint feature, Jaccard index, association rules, finite state machine, wireless LAN
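The frame-location step described in the abstract, sketched as an added example that is not the thesis's code: it substitutes plain fixed-length n-gram counting for the improved AC algorithm, then uses the occurrence offsets to reject overlapping runs before splitting the stream. The sequence length `n`, the thresholds, the function names and the sample stream are all assumptions constructed for illustration.

```python
from collections import defaultdict

def frequent_sequences(stream: bytes, n: int = 4, min_count: int = 3):
    """All n-byte sequences seen at least min_count times, with their offsets."""
    offsets = defaultdict(list)
    for i in range(len(stream) - n + 1):
        offsets[stream[i:i + n]].append(i)
    found = [(seq, pos) for seq, pos in offsets.items() if len(pos) >= min_count]
    # Most frequent first; ties broken by earliest first occurrence.
    return sorted(found, key=lambda c: (-len(c[1]), c[1][0]))

def preamble_candidates(stream: bytes, n: int = 4, min_count: int = 3, min_gap=None):
    """Use location information: a preamble recurs once per frame, so its
    occurrences must be at least min_gap bytes apart. Overlapping hits
    (padding runs such as 00 00 00 00 ...) are frequent but not preambles."""
    min_gap = n if min_gap is None else min_gap
    keep = []
    for seq, pos in frequent_sequences(stream, n, min_count):
        if all(b - a >= min_gap for a, b in zip(pos, pos[1:])):
            keep.append((seq, pos))
    return keep

def locate_frames(stream: bytes, n: int = 4, min_count: int = 3):
    """Split the stream at each occurrence of the best preamble candidate."""
    cands = preamble_candidates(stream, n, min_count)
    if not cands:
        return None, []
    preamble, pos = cands[0]
    bounds = pos + [len(stream)]
    return preamble, [stream[a:b] for a, b in zip(bounds, bounds[1:])]

# Constructed sample: two noise bytes, then three frames of a made-up protocol
# (4-byte preamble, 1-byte length, payload). The second payload has zero padding.
PREAMBLE = bytes.fromhex("aa55aa7e")
SAMPLE_FRAMES = [
    PREAMBLE + b"\x05HELLO",
    PREAMBLE + b"\x0c" + b"\x00" * 8 + b"DATA",
    PREAMBLE + b"\x03ACK",
]
SAMPLE_STREAM = b"\x13\x37" + b"".join(SAMPLE_FRAMES)

if __name__ == "__main__":
    print("most frequent raw sequence:", frequent_sequences(SAMPLE_STREAM)[0][0].hex())
    found, frames = locate_frames(SAMPLE_STREAM)
    print("chosen preamble:", found.hex())
    for f in frames:
        print(len(f), f.hex())
```

In the sample, the zero-padding run is the most frequent raw sequence, so frequency alone would pick the wrong preamble; the offset check is what recovers the three frames.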