Journal on Communications ›› 2016, Vol. 37 ›› Issue (6): 119-128. doi: 10.11959/j.issn.1000-436x.2016121

• Academic paper •

Method for determining the lengths of protocol keywords based on maximum likelihood probability

Jian-zhen LUO 1, Shun-zheng YU 2, Jun CAI 1

  1. School of Electronic and Information, Guangdong Polytechnic Normal University, Guangzhou 510665, China
  2. School of Information Science and Technology, Sun Yat-Sen University, Guangzhou 510006, China
  • Online: 2016-06-25 Published: 2017-08-04
  • Supported by:
    The National Natural Science Foundation of China; The National Natural Science Foundation of China; The Natural Science Foundation of Guangdong Province; The Natural Science Foundation of Guangdong Province; Guangdong Provincial Department of Education Innovation Project; The Excellent Young Teachers in Universities in Guangdong Province; Guangdong Provincial Application-Oriented Technical Research and Development Special; Science and Technology Planning Project of Guangdong Province; Science and Technology Major Project of Education Department of Guangdong Province; International Scientific and Technological Cooperation Projects of Education Department of Guangdong Province; Science and Technology Project of Guangdong Province

Abstract:

A left-to-right inhomogeneous cascaded hidden Markov model was proposed and applied to model application protocol messages. The proposed model described the transition probabilities between states and the evolution rule of phases inside the states, and revealed the transition feature of message fields and the left-to-right Markov characteristics inside the fields. The protocol keywords were inferred by selecting lengths with maximum likelihood probability, and then the message format was recovered. The experimental results demonstrated that the proposed method performs well in protocol keyword extraction and message format recovery.

Key words: hidden Markov model, protocol reverse engineering, network security, message format
