Journal on Communications ›› 2016, Vol. 37 ›› Issue (6): 119-128. doi: 10.11959/j.issn.1000-436x.2016121

• Academic paper •

Method for determining the lengths of protocol keywords based on maximum likelihood probability

Jian-zhen LUO1, Shun-zheng YU2, Jun CAI1

  1 School of Electronic and Information, Guangdong Polytechnic Normal University, Guangzhou 510665, China
  2 School of Information Science and Technology, Sun Yat-Sen University, Guangzhou 510006, China
  • Online: 2016-06-25 Published: 2017-08-04
  • Supported by:
    The National Natural Science Foundation of China; The National Natural Science Foundation of China; The Natural Science Foundation of Guangdong Province; The Natural Science Foundation of Guangdong Province; Guangdong Provincial Department of Education Innovation Project; The Excellent Young Teachers in Universities in Guangdong Province; Guangdong Provincial Application-Oriented Technical Research and Development Special; Science and Technology Planning Project of Guangdong Province; Science and Technology Major Project of Education Department of Guangdong Province; International Scientific and Technological Cooperation Projects of Education Department of Guangdong Province; Science and Technology Project of Guangdong Province

Abstract:

A left-to-right inhomogeneous cascaded hidden Markov model was proposed and applied to model application-layer protocol messages. The proposed model described the transition probabilities between states and the evolution rule of phases inside the states, and revealed the transition feature of message fields and the left-to-right Markov characteristics inside the fields. The protocol keywords were inferred by selecting lengths with maximum likelihood probability, and then the message format was recovered. The experimental results demonstrated that the proposed method performs well in protocol keyword extraction and message format recovery.

Key words: hidden Markov model, protocol reverse engineering, network security, message format