面向密码协议在线安全性的监测方法

doi:10.11959/j.issn.1000-436x.2016293

Abstract

Abstract:

Previous methods can not detect the low-interaction attacks of protocol logic.A cryptographic protocol online monitoring approach named CPOMA was presented.An ontology framework of cryptographic protocol features was constructed for the unified description of cryptographic protocol features with different types.Based on the framework,a feature weighting method was proposed by fuzzy subspace clustering first,and the individualized feature database of cryptographic protocols was built.On this basis,a self-learning method was presented for protocol identification and session rebuilding,and then abnormal protocol sessions were detected online.Experimental results show that CPOMA can identify protocols,rebuild sessions,detect abnormal sessions efficiently,and can improve the online security of cryptographic protocols.

Key words: cryptographic protocol identification, session rebuilding, online security, ontology, subspace clustering

Yu-na ZHU,Ji-hong HAN,Lin YUAN,Yu-dan FAN,Han-tuo CHEN,Wen GU. Monitoring approach for online security of cryptographic protocol[J]. Journal on Communications, 2016, 37(6): 75-85.

Figures/Tables 10

References 24

[1]	BERNAILLE L , TEIXEIRA R . Early recognition of encrypted applications[C]// The 8th International Conference on Passive and Active Network Measurement. Belgium, 2007: 165-175.
[2]	HAFFNER P , SEN S , SPATSCHECKO ,et al. ACAS:automated construction of application signatures[C]// ACM SIGCOMM Workshop on Mining Network Data. Philadelphia,PA,USA, 2005: 197-202.
[3]	MOORE A , ZUEV D , CROGAN M . Discriminators for use in flow-based classification:technical report,RR-05-13[R]. UK:Quecn Mayr University of London, 2005.
[4]	BERNAILLE L , TEIXEIRA R , SALAMATIAN K . Early application identification[C]// ACM CoNEXT,Lisboa,Portugal, 2006.
[5]	ZHANG J , XIANG Y , WANG Y ,et al. Network traffic classification using correlation information[J]. IEEE Transactions on Parallel ＆Distributed Systems, 2013,24(1): 104-117.
[6]	BARALIS E M , MELLIA M , GRIMAUDO L . Self-learning classifier for internet traffic[J]. IEEE INFOCOM,Turin,Italy, 2013,11(2): 423-428.
[7]	DIVAKARAN D M , SU L , LIAU Y S ,et al. SLIC:self-learning intelligent classifier for network traffic[J]. Computer Networks, 2015,91: 283-297.
[8]	XIE G W , ILIOFOTOU M , KERALAPURA R ,et al. SubFlow:Towards practical flow-level traffic classification[C]// IEEE INFOCOM. Orlando,Florida,USA, 2012: 2541-2545.
[9]	ACETO G , DAINOTTI A , DONATO W ,et al. PortLoad:taking the best of two worlds in traffic classification[C]// IEEE INFOCOM. San Diego, 2010: 1-5.
[10]	DONATO WD , PESCAPè A , DAINOTTI A . TIE:a community-oriented traffic classification platform[C]// International Workshop on Traffic Monitoring and Analysis(TMA),Springer Berlin Heidelberg. 2009.
[11]	LEE S , KIM H-C , BARMAN D ,et al. NeTraMark:a network traffic classification benchmark[C]// ACM SIGCOMM. Toronto,ON,Canada, 2011.
[12]	张众, 杨建华, 谢高岗 . 高效可扩展的应用层流量识别架构[J]. 通信学报, 2008,29(12): 22-31. ZHANG Z , YANG J H , XIE G G . Efficient and extensible architecture of traffic identification at application layer[J]. Journal on Communications, 2008,29(12): 22-31.
[13]	BEDDOE M . The Protocol information project[EB/OL]. .
[14]	CUI W D , KANNAN J , WANG H J . Discoverer:automatic protocol reverse engineering from network traces[C]// The 16th USENIX Security Symposium on USENIX Security Symposium. Berkeley:USENIX, 2007: 199-212.
[15]	朱玉娜, 韩继红, 袁霖 ,等. SPFPA:一种面向未知密码协议的格式解析方法[J]. 计算机研究与发展, 2015,52(10): 2200-2211. ZHU Y N , HAN J H , YUAN L ,et al. SPFPA:a format parsing approach for unknown security protocols[J]. Journal of Computer Research and Development, 2015,52(10): 2200-2211.
[16]	JOGLEKAR S P , TATE S R . Protomon:embedded monitors for cryptographic protocol intrusion detection and prevention[C]// International Conference on Information Technology:Coding and Computing,2004.ITCC 2004. IEEE, 2004,1: 81-88.
[17]	LECKIE T , YASINSAC A . Metadata for anomaly-based security protocol attack deduction[J]. IEEE Transactions on Knowledge and Data Engineering, 2004,16(9): 1157-1168.
[18]	FADLULLAH Z M , TALEB T , ANSARI N ,et al. Combating against attacks on encrypted protocols[C]// In Communications,IEEE International Conference on ICC'07. 2007: 1211-1216.
[19]	FADLULLAH Z M , TALE B T , VASIAKOS A V ,et al. DTRAB:combating against attacks on encrypted protocols through traffic-feature analysis[J]. IEEE/ACM Transactions on Networking (TON), 2010,18(4): 1234-1247.
[20]	YASINSAC A . An environment for security protocol intrusion detection[J]. Journal of Computer Security, 2002,10(1/2): 177-188.
[21]	MAEDCHE A . Ontology learning for the semantic Web[M]. Boston: Kluwer Academic PublishersPress, 2002.
[22]	GAN G , WU J . A convergence theorem for the fuzzy subspace clustering (FSC)algorithm[J]. Pattern Recognition, 2008,41(6): 1939-1947.
[23]	朱玉娜, 韩继红, 袁霖 ,等. 基于主体行为的多方密码协议会话识别方法[J]. 通信学报, 2015,11(36): 190-200. ZHU Y N , HAN J H , YUAN L ,et al. Towards session identification using principal behavior for multi-party secure protocol[J]. Journal on Communications, 2015,11(36): 190-200.
[24]	KHAKPOUR A R , LIU A X . High-speed flow nature identification[C]// International Conference on Distributed Computing Systems. Montreal,Canada, 2009: 510-517.

Metrics

Recommended 0

No Suggested Reading articles found!

协议	流数量	数据来源
SSL	2 950	WAN
SSH	270 548	InfoVisContest
NS	2 000	LAN
Skype	2 000	Tstat
http	2 000	WAN
FTP	2 000	WAN

测试集	流量	识别比例	自学习结果
1	SSL、SSH、NS	95.43%	较好识别SSL、SSH、NS协议
2	SSL、SSH、NS、Http、FTP	57.2%	Http、FTP判定为非密码协议
3	SSL、SSH、NS、Skype、加密数据传输	56.4%	Skype判定为未知密码协议，加密数据传输判定为非密码协议
4	SSL、SSH、NS、Http、FTP、Skype	63.9%	Skype协议识别率为97.2%

Monitoring approach for online security of cryptographic protocol

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 24

Related Articles 11

Metrics

Recommended 0

[1]	Yingze LIU, Yuanbo GUO, Chen FANG, Yongfei LI, Qingli CHEN. Intelligent planning method for cyber defense strategies based on bounded rationality [J]. Journal on Communications, 2023, 44(5): 52-63.
[2]	Ao LI, Zhuo WANG, Xiaoyang YU, Deyun CHEN, Yingtao ZHANG, Guanglu SUN. Robust multiview subspace clustering method based on multi-kernel low-redundancy representation learning [J]. Journal on Communications, 2021, 42(11): 193-204.
[3]	Cheng-cheng MAI,Bo CHEN,Jia-kun ZHOU,Ling YU. Evaluation method for information security capability of mobile phone user based on behavior ontology under unconscious condition [J]. Journal on Communications, 2016, 37(Z1): 156-167.
[4]	De-yan CHEN,Hong ZHAO,Xia ZHANG,Li-jun ZHAO,An PING. Study on semantic Web security [J]. Journal on Communications, 2012, 33(Z2): 45-59.
[5]	Jian-xin LIAO,Xiu-lei LIU,Xiao-min ZHU,Hai-feng SUN,Jing-yu WANG. Extending structural subsumption reasoning algorithms for ontology matching [J]. Journal on Communications, 2012, 33(8): 190-199.
[6]	Huan ZHAO,Ren-fa LI,Jia-qin WANG,Zai-mei ZHANG. Research on an ontology concept similarity calculation approach based on the integrated multilayer information [J]. Journal on Communications, 2009, 30(6): 135-141.
[7]	Yan-ning FU,Lei LIU,Cheng-zhi JIN. Service chain-based approach for Web service composition [J]. Journal on Communications, 2007, 28(7): 92-97.
[8]	Zheng ZHANG,Chun ZUO,Yu-guo WANG. Web service discovery method based on semantic expansion [J]. Journal on Communications, 2007, 28(1): 57-63.
[9]	Gui-ling WANG,Shao-hua ZHANG,Mei-lin SHI. Workflow-oriented organizational memory description model and implementation [J]. Journal on Communications, 2006, 27(11): 7-13.
[10]	Qing HE,Yong TANG,Yong-zhao HUANG. Using OWL time ontology for workflow modeling and verification [J]. Journal on Communications, 2006, 27(11): 36-41.
[11]	Mei-rong CAO,Qing YAO. Research of business process management system based on ontology [J]. Journal on Communications, 2006, 27(11): 67-72.