| With the development of information technology, network security is becoming more and more important, the wireless network has already attracted lots of users because of its high flexibility and mobility. The wireless network’s transmission medium makes it more vulnerable to be attacked, especially the proprietary or unknown protocols. We can’t analyse the protocol type from the captured packets directly, which leads to serious damage to the integrity and confidentiality of information. Besides, most of the existing protocol identification technologies, using the method based on port or payload, can’t effectively prevent such attacks because of the dynamic ports and the lack of protocol specifications.The critical method to safeguard network security is to identify unknown protocols, while features detection and extraction is an important step in unknown protocols identification. In addition, the bit stream data with the features of no semantic makes the features extraction from unknown protocols more difficult. This article is on the premise of data frames. Considering the particularity of bit stream data, firstly we need to choose a suitable feature selection algorithm, secondly we should to verify the effectiveness of the algorithm in unknown protocols recognition, and finally we need to choose the accurate fingerprint information of protocols. In order to solve these problems, we design a clustering algorithm based on machine learning, and improve the feature selection algorithm based on mutual information. In the clustering algorithm based on machine learning, by analyzing the performance of algorithms, we choose a kind of algorithm which has the best performance. Improve to make it suitable for clustering of unknown protocol and verify the validity of the feature selection algorithm. In the improved feature selection algorithm based on mutual information, we segment and filter frames, join them together to get long strings, and then choose the appropriate threshold to get candidate features, at last we can use feature selection algorithm to get the features of specific protocols. Finally, we need to use the clustering algorithm to verify the effectiveness of the proposed feature selection algorithm, and compare with information gain and information gain ratio, then analyze the features.In order to verify the correctness and validity of the proposed feature selection algorithm, we define a series of evaluation index and design corresponding experiments. Through the experimental results, we can know that the accuracy and recognition rate can reach above 99%. It shows that, the proposed feature selection algorithm can effectively extract the features of unknown protocol. |
PDF Full Text Request