Network Communication Behavior Modeling Method Based On Data Classification Research

With rapid development of Internet, Web date stream communication exponentially.The current Internet branch band width has reached 40 Gb. This means that date traffic with high speed and high bandwidth network withthin 1 minutes by more than millions of. Not only so,early protocol cannot satisfy the demand of present network. Therefore,various protocols have sprung up. In the network,the P2 p flow,the media class,game protocol appeared in large numbers,even private fomate flow with the hacker transmits has the aggressive ageeement is also follding the network world.The specification of these protocols are mostly not open and the protocal itself does not compy with the default pove agree,the presents a great challenge to the network date security supeivision.National network security conference held in 2014,it shows that the infomation network security ang confrontation has become the core cotent of the national informatization strategy.It reflects the current network scurity faces grim situation,but also stimulate the new exploration and study of network security.The study protocol recognition has been a hot direction in the field of network security. Protocol identification refers to the flow characteristics of certain or load characteristics the network data stream classification into different protocols, and classification of each protocol clusters obtained should contain only the same category of agreement. The protocol identification technology provides a method of data information recognition and regulatory network for the operators, network administrator, sniffer, also found that provides security with malicious network protocol message and prevent the leak of sensitive information.The important status of protocol identification in the network security protection based on aspect, this article summarizes the background, development process and the main method of protocol identification technology. The protocol identification algorithm of feature selection based on in-depth research, and introduces several classic on feature selection algorithm. Including the correlation feature selection(CFS), chi square test(ChiSquare), information gain(InfoGain), information gain ratio(InfoGainRatio), and analyze their principles, their respective advantages and disadvantages.On the basis of the research on the above feature selection algorithm, this paper proposed a feature selection method based on mutual information in binary single protocol message environment.This method is mainly to solve protocol identification problem,which is based on feature selection method in binary single protocol message environment.This method combined with the concept of mutual information in information theory, put forward the “maximum correlation- minimum redundancy”as a feature selection basis,and compared with other feature selection algorithm analysis through experiment.The unsupervised feature selection algorithm,propsed by this paper,make the results of classification accuracy rate reach more than 90%.Also,the characteristics choosed by the algorithm,compared with real character string,contain the main string characteristics that can distinguish the agreement with other agreement.This paper verify the effectiveness of the algorithm on binary protocol message recongnition.Usually, deal recognition algorithm aimed at the application layer protocol flow or text,there is little algorythm to solve the problem of binary protocol message recongnition.The method in this paper is for binary protocol packets,and it can complete feature selection and data classification without the collection of data category information,which is provides a train of thought for researching unknown protocol identification.