| 协议不相关的未知协议比特流特征提取方法研究 |
| |
| 引用本文: | 李进东,吴杨,王韬,雷东.协议不相关的未知协议比特流特征提取方法研究[J].军械工程学院学报,2014(6):47-52. |
| |
| 作者姓名: | 李进东 吴杨 王韬 雷东 |
| |
| 作者单位: | 军械工程学院信息工程系,河北石家庄050003 |
| |
| 基金项目: | 国家自然科学基金资助项目(61173191);军队科研计划项目 |
| |
| 摘 要: | 为从协议不相关角度提取未知协议比特流的特征值,分别从比特流中的比特0和1的频数、连续比特0和1的出现频率、固定长度分块内的比特0和1的比特频数、比特流0和1的随机游动最大偏移以及比特流0和1进行傅里叶变换后的峰值高度出发,定义了码元频数统计特征值、游程统计特征值、块内频数统计特征值、累加和统计特征值以及离散傅里叶变换统计特征值作为比特流特征向量参数.在HTTP、DNS、ICMP及TELNET数据集上的实验结果表明:采用本方法获得的未知协议比特流特征参数具有良好的可区分性,为进一步实现未知协议比特流聚类奠定了基础.
|
| 关 键 词: | 未知协议 特征值 比特流 分布 |
Research on Extraction Method for Unknown Protocol Bit Stream Eigenvalues |
| |
| LI Jin-dong,WU Yang,WANG Tao,LEI Dong.Research on Extraction Method for Unknown Protocol Bit Stream Eigenvalues[J].Journal of Ordnance Engineering College,2014(6):47-52. |
| |
| Authors: | LI Jin-dong WU Yang WANG Tao LEI Dong |
| |
| Institution: | (Information Engineering Department,Ordnance Engineering College,Shijiazhuang 050003,China) |
| |
| Abstract: | To extract the eigenvalue of unknown protocol bit stream with protocol irrelevant angle is a very important problem in the protocol identifications research.To address the problem this paper defines the following statistics eigenvalues,frequency test,run test,frequency test in block, accumulative total test and discrete Fourier transform test,as the parameters of the eigenvectors of the bit stream from the frequency of bit 0 and bit 1 ,the frequency of continuous bit 0 and bit 1 , the frequency of bit 0 and bit 1 in fixed length blocks,the displacement random walk of bit 0 and bit 1 ,the peak height of bit 0 and bit 1 after discrete Fourier transform respectively.By testing the HTTP,DNS,ICMP and TELNET data set,the experimental results show that the proposed method is feasible in discrimination of the algorithm,which lays the foundation for further clustering the bit stream of unknown protocol. |
| |
| Keywords: | unknown protocol eigenvalue bit stream distribution |
| 本文献已被 CNKI 维普 等数据库收录! |
|
