
Research And Implementation Of Network Unknown Protocol Identification Technology

Posted on: 2023-09-08; Degree: Master; Type: Thesis
Country: China; Candidate: Z Q Liu
GTID: 2558306914483504; Subject: Cyberspace security
Abstract/Summary:
With the rapid development of modern network technology, a variety of network applications have emerged, and new network services have brought with them a large number of unknown protocols. These make the current network environment increasingly complex, and network security problems are becoming more frequent. The specifications of unknown protocols are not public and there are many types of them, while existing network protocol analysis methods and tools work only when all the information about a protocol is known, so they cannot be applied to unknown protocols. Therefore, accurately and efficiently identifying unknown protocol types and message types is of great importance for maintaining network security and implementing network monitoring. Protocol reverse engineering is widely used in research on unknown protocols because it can analyze network protocols without a priori knowledge. In this paper, we start from the technical perspective of the first two stages of protocol reverse engineering, i.e., data classification and format extraction, and draw on deep learning and cutting-edge clustering algorithms in machine learning to classify protocol types and cluster message types for unknown protocols at the application layer. The main research results of the paper are as follows.

1. A double characteristics-based classification method for unknown protocol types is proposed and implemented. This method uses neural networks to combine the statistical features (external characteristics) and the bitmap features (intrinsic characteristics) of a network data flow into a new type of feature. First, an autoencoder reduces the dimensionality of the filtered statistical features. Next, the data stream is converted into a grayscale image for feature extraction, which uses a residual neural network to avoid loss during feature extraction. Finally, the compressed statistical features and the bitmap features are used as data inputs, and a fully connected neural network predicts the protocol type. Experimental results show that the proposed method can effectively classify network data streams, which verifies its feasibility, and that it has higher accuracy than other unknown protocol classification methods.

2. A hierarchical density-based clustering method for unknown protocol message types is proposed and implemented. The method draws on the idea of unsupervised learning in machine learning and takes binary protocol message clustering as its research goal. First, the format extraction technique from protocol reverse engineering is used to segment the protocol messages into fields. On this basis, a new method for calculating the similarity of protocol messages is given, which takes into account that frequent sequences in the protocol fields can reflect the message types well. Finally, the analysis of protocol message types is completed using a clustering algorithm based on hierarchical density. The experimental results show that this method can cluster protocol message types more accurately and efficiently than the density-based clustering method for unknown protocol messages.
Keywords/Search Tags:network security, unknown protocols, protocol reversion, machine learning, type analysis