基于主动学习和SVM方法的网络协议识别技术

doi:10.3969/j.issn.1000-436x.2013.10.016

通信学报 ›› 2013, Vol. 34 ›› Issue (10): 135-142.doi: 10.3969/j.issn.1000-436x.2013.10.016

基于主动学习和SVM方法的网络协议识别技术

王一鹏^1,^2,³,云晓春^1,³,张永铮³(),李书豪³

¹ 中国科学院计算技术研究所，北京 100190
² 中国科学院大学，北京 100049
³ 中国科学院信息工程研究所，北京 100093

出版日期:2013-10-25 发布日期:2017-08-10
基金资助:
国家高技术研究发展计划(“863”计划)基金资助项目;国家高技术研究发展计划(“863”计划)基金资助项目;国家科技支撑计划基金资助项目;国家自然科学基金资助项目;国家自然科学基金资助项目

Network protocol identification based on active learning and SVM algorithm

Yi-peng WANG^1,^2,³,Xiao-chun YUN^1,³,Yong-zheng ZHANG³(),Shu-hao LI³

¹ Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100190,China
² University of Chinese Academy of Sciences,Beijing 100049,China
³ Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China

Online:2013-10-25 Published:2017-08-10
Supported by:
The National High Technology Research and Development Program of China(863 Program);The National High Technology Research and Development Program of China(863 Program);The National Science and Technology Support Program;The National Natural Science Founda-tion of China;The National Natural Science Founda-tion of China

摘要/Abstract

摘要：

针对未知网络协议数据流的获取与标记工作主要依赖于领域专家。然而，样本数据量的增加会导致人工成本超过实际负荷。提出了一种新颖的未知网络协议识别方法。该方法基于主动学习算法，仅依靠原始网络数据流的载荷部分实现对未知网络协议的有效识别。实验结果表明，采用该方法设计的识别系统在保证识别准确率和召回率的前提下，能够有效地降低学习过程中标记的样本数目，更适用于实际的网络应用环境。

关键词: 网络安全, 网络协议识别, 主动学习, 网络数据流, 支持向量机

Abstract:

Obtaining qualified training data for protocol identif ion generally requires domain experts to be involved,which is time-consuming and laborious.A novel approach for network protocol identification based on active learning and SVM algorithm was proposed.The experimental evaluations on real-world network traces show this approach can accurately and efficiently classify the target network protocol from mixed Internet traffic,and meanwhile display a sig-nificant reduction in the number of labeled samples.Therefore,this approach can be employed as an auxiliary tool for analyzing unknown protocols in real-world environment.

Key words: network security, protocol identification, active learning, network traces, support vector machine

王一鹏,云晓春,张永铮,李书豪. 基于主动学习和SVM方法的网络协议识别技术[J]. 通信学报, 2013, 34(10): 135-142.

Yi-peng WANG,Xiao-chun YUN,Yong-zheng ZHANG,Shu-hao LI. Network protocol identification based on active learning and SVM algorithm[J]. Journal on Communications, 2013, 34(10): 135-142.

图/表 7

图1

图2

图3

图4

图5

图6

图7

参考文献 21

[1]	Internet netflow statistics[EB/OL]. , 2010.
[2]	TCP and UDP port numbers[EB/OL]. , 2008.
[3]	ROUGHAN M , SEN S , SPATSCHECK O ,et al. Class-of-service mapping for QoS:a statistical signature-based approach to IP traffic classification[A]. Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement[C]. Taormina,Sicily,Italy, 2004. 135-148.
[4]	ZHANG J , CHEN C , XIANG Y . An effective network traffic classifi-cation method with unknown flow detection[J]. IEEE Transactions on Network and Service Management, 2013,10(1): 1-15.
[5]	KARAGIANNIS T , PAPAGIANNAKI K , FALOUTSOS M . BLINC:multilevel traffic classification in the dark[J]. SIGCOMM Computer Communication Review, 2005,35(4): 229-240.
[6]	CABALLERO J , YIN H , LIANG Z ,et al. Polyglot:automatic extrac-tion of protocol message format using dynamic binary analysis[A]. Proceedings of the 14th ACM Conference on Computer and Commu-nications Security[C]. Virginia,USA, 2007. 317-329.
[7]	LIN Z , JIANG X , XU D ,et al. Automatic protocol format reverse engineering through context-aware monitored execution[A]. Proceedings of the 15th Network and Distributed System Security Symposium[C]. California,USA, 2008. 1-17.
[8]	WONDRACEK G , MILANI P , KRUEGEL C ,et al. Automatic net-work protocol analysis[A]. Proceedings of the 16th Network and Dis-tributed System Security Symposium[C]. California,USA, 2008. 1-18.
[9]	CUI W , PEINADO M , CHEN K ,et al. Tupni:automatic reverse engi-neering of input formats[A]. Proceedings of the 15th ACM Conference on Computer and Communications Security[C]. Virginia,USA, 2008. 391-402.
[10]	HAFFNER P , SEN S , SPATSCHECK O ,et al. ACAS:automated construction of application signatures[A]. Proceedings of the 2005 ACM SIGCOMM Workshop on Mining Network Data[C]. Pennsylva-nia,USA, 2005. 197-202.
[11]	KANNAN J , JUNG J , PAXSON V ,et al. Semi-automated discovery of application session structure[A]. Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement[C]. New York,USA, 2006. 119-132.
[12]	MA J , LEVCHENKO K , KREIBICH C ,et al. Unexpected means of protocol inference[A]. Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement[C]. Rio de Janeriro,Brazil, 2006. 313-326.
[13]	CUI W , KANNAN J , WANG H J . Discoverer:automatic protocol reverse engineering from network traces[A]. Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium[C]. Boston,MA, 2007. 313-326.
[14]	FINAMORE A , MELLIA M , MEO M ,et al. KISS:stochastic packet inspection classifier for UDP traffic[J]. IEEE/ACM Tra tions on Networking, 2010,18(5): 1505-1515.
[15]	MANNING C , SCHUTZE H . Foundations of Statistical Natural Language Processing[M]. MIT Press, 1999.
[16]	ANGLUIN D . Queries and concept learning[J]. Machine Learning, 1988,2(4): 319-342.
[17]	COHN D , ATLAS L , LADNER R . Improving generalization with active learning[J]. Machine Learning, 1994,15(2): 201-221.
[18]	LEWIS D , GALE W . A sequential algorithm for training text classifi-ers[A]. Proceedings of the 17th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval[C]. New York,USA, 1994. 3-12.
[19]	SETTLES B.Active learning literature survey[EB/OL]. .
[20]	TONG S , KOLLER D . Support vector machine active learning with applications to text classification[J]. Journal of Machine Learning Research, 2002,2: 45-66.
[21]	GRINGOLI F , SALGARELLI L , DUSI M ,et al. GT:picking up the truth from the ground for internet traffic[J]. SIGCOMM Computer Communication Review, 2009,39(5): 12-18.

基于主动学习和SVM方法的网络协议识别技术

Network protocol identification based on active learning and SVM algorithm

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 21

相关文章 15

Metrics

推荐阅读 0

[1]	赵仕祺, 黄小红, 钟志港. 基于信誉的域间路由选择机制的研究与实现[J]. 通信学报, 2023, 44(6): 47-56.
[2]	谢人超, 文雯, 唐琴琴, 刘云龙, 谢高畅, 黄韬. 轨道交通移动边缘计算网络安全综述[J]. 通信学报, 2023, 44(4): 201-215.
[3]	徐明, 张保俊, 伍益明, 应晨铎, 郑宁. 面向网络攻击和隐私保护的多智能体系统分布式共识算法[J]. 通信学报, 2023, 44(3): 117-127.
[4]	康海燕, 龙墨澜. 基于吸收马尔可夫链攻击图的网络攻击分析方法研究[J]. 通信学报, 2023, 44(2): 122-135.
[5]	郭渊博, 李勇飞, 陈庆礼, 方晨, 胡阳阳. 融合Focal Loss的网络威胁情报实体抽取[J]. 通信学报, 2022, 43(7): 85-92.
[6]	张红斌, 尹彦, 赵冬梅, 刘滨. 基于威胁情报的网络安全态势感知模型[J]. 通信学报, 2021, 42(6): 182-194.
[7]	张腾飞, 余顺争. 移动设备加密流量的用户信息探测研究展望[J]. 通信学报, 2021, 42(2): 154-167.
[8]	程旭, 王莹莹, 张年杰, 付章杰, 陈北京, 赵国英. 基于空间感知的多级损失目标跟踪对抗攻击方法[J]. 通信学报, 2021, 42(11): 242-254.
[9]	黄韬, 刘江, 汪硕, 张晨, 刘韵洁. 未来网络技术与发展趋势综述[J]. 通信学报, 2021, 42(1): 130-150.
[10]	罗智勇,杨旭,刘嘉辉,许瑞. 基于贝叶斯攻击图的网络入侵意图分析模型[J]. 通信学报, 2020, 41(9): 160-169.
[11]	吴武飞,李仁发,曾刚,谢勇,谢国琪. 智能网联车网络安全研究综述[J]. 通信学报, 2020, 41(6): 161-174.
[12]	李涛,郭渊博,琚安康. 融合对抗主动学习的网络安全知识三元组抽取[J]. 通信学报, 2020, 41(10): 80-91.
[13]	周翰逊,陈晨,冯润泽,熊俊坤,潘宏,郭薇. 基于值导数GRU的移动恶意软件流量检测方法[J]. 通信学报, 2020, 41(1): 102-113.
[14]	赵晨阳,王俊岭. 基于隐含上下文支持向量机的服务推荐方法[J]. 通信学报, 2019, 40(9): 61-73.
[15]	蒋侣,张恒巍,王晋东. 基于信号博弈的移动目标防御最优策略选取方法[J]. 通信学报, 2019, 40(6): 128-137.