
Research And Implementation Of Automatic Protocol Classification Technology Based On Network Traffic

Posted on: 2021-03-16
Degree: Master
Type: Thesis
Country: China
Candidate: X Liu
Full Text: PDF
GTID: 2428330623468536
Subject: Engineering
Abstract/Summary:
With the rapid development of the Internet, network security has gradually become a focus of attention. At the same time, the demand for network security management, unknown protocol analysis and network attack analysis has also increased. The importance of network traffic classification as the basis for these needs is self-evident. Traditional port-based protocol classification methods are no longer suitable for today's network environment, while payload-based and host-behavior-based protocol classification methods cannot be applied to unknown protocols, so more and more researchers are working on machine-learning-based protocol classification methods. In order to classify unknown protocols, we need to use a protocol classification method based on unsupervised learning. Traditional protocol classification methods based on unsupervised learning are mostly combined with feature extraction methods based on flow statistics. Compared with extracting features from a single packet, stream-based feature extraction is stronger, and the number of features that can be extracted is greater. But for some protocols, this method of feature extraction based on flow statistics is not universal enough.

This thesis proposes an auto-protocol classification (APD) method based on network traffic, which uses a more general feature extraction method. Therefore, each protocol can be better identified, and the same applies to unknown protocols. This thesis uses a method similar to image processing to extract session features, and changes the feature extraction method from traditional traffic statistics to singular value decomposition of pictures. At the same time, the classification stage combines two parts, a clustering module and a classification module. The classification module realizes the identification and filtering of known protocols, and the clustering module performs more fine-grained classification of unknown protocols. In addition, by training on the clustering results, we can dynamically increase the number of identifiable protocol categories. When the system was implemented, two feedback modules were added to verify the clustering results and the new protocol identification plug-in, in order to improve the accuracy of the system's classification.

Finally, experiments show that the feature extraction method based on the conversation stream image has stronger stability and versatility, and can be applied to various types of network protocols, so that better protocol identification results can be obtained. The APD method is also applicable to the case where there are a large number of unknown protocols, and the protocols can be classified without prior knowledge.
Keywords/Search Tags:protocol classification, data conversion, machine learning, network security, unknown protocols