Analysis Of Feature For Protocol In The Form Of Stream Data

In recent years, Network security and defense has become a very important problem in the information age,Network security is the core content of the national informatization strategy. In some special conditions, through various means to use unconventional special unknown protocol for espionage’s behavior is increasingly common, more and more serious harm. At the same time, from access to the flow of data to analyze unknown protocol identification and application of monitoring means and protocol analysis and recognition method is not very good to achieve the desired effect.Stream data is a series of high-speed transmission, unlimited length over time, order irreversible data sequence. This thesis explains the flow of data is the data link layer on the flow of data (binary code 0,1).Because of the stream data of the data link layer is without semantic and single, at present, a lot of researchers, from the perspective of the application layer, and about the binary stream data in the data link layer protocol identification, study is less, so for the analysis of characteristics of binary stream data protocol is not a good solution. With the development of the network protocol, protocol identification showed new characteristics, such as certain protocol is encrypted, using dynamic form of ports, and USES the P2P mode. In order to achieve the purpose of the network information security, and in a timely manner to early warning of risk, the current urgent need to be able to in such a complex network environment developed a can carry on the analysis to the unknown protocol identification, high efficiency, high accuracy of the method. In the reality of the network under complex conditions, analysis of characteristics of stream data protocol become a new research field.This thesis through the analysis of the known protocol and unknown, research methods and recognition, think streaming data is not completely unknown agreement no rules to follow, when arrived intercepted a large, rapid and continuous data sequence, can through certain technical means and methods to analyze it and identify, find the rule of which contains the information.From vast amounts of data flow analysis and identify the way to the unknown protocol is to data mining, find the features that are included in the sequence, in the absence of experience and the characteristics of the known protocol sequence control, to achieve rapid extraction of frequent sequences. Convection data to the content of this topic is:first, the reasonable frame segmentation, and then select the appropriate identification and feature selection algorithm, the second validation algorithm used in the protocol recognition effect, in the final screen can accurately describe the fingerprint information of the agreement. According to the above steps, based on the clustering algorithm to cluster operation of data frame, and design an unsupervised feature selection algorithm based on minimuma new method for application layer protocol identification will propose in my thesis.The results of performance testing show that the new method for application layer protocol indentification is effective and feasible.