基于主动学习和SVM方法的网络协议识别技术

doi:10.3969/j.issn.1000-436x.2013.10.016

Abstract

Abstract:

Obtaining qualified training data for protocol identif ion generally requires domain experts to be involved,which is time-consuming and laborious.A novel approach for network protocol identification based on active learning and SVM algorithm was proposed.The experimental evaluations on real-world network traces show this approach can accurately and efficiently classify the target network protocol from mixed Internet traffic,and meanwhile display a sig-nificant reduction in the number of labeled samples.Therefore,this approach can be employed as an auxiliary tool for analyzing unknown protocols in real-world environment.

Key words: network security, protocol identification, active learning, network traces, support vector machine

Yi-peng WANG,Xiao-chun YUN,Yong-zheng ZHANG,Shu-hao LI. Network protocol identification based on active learning and SVM algorithm[J]. Journal on Communications, 2013, 34(10): 135-142.

Figures/Tables 7

References 21

[1]	Internet netflow statistics[EB/OL]. , 2010.
[2]	TCP and UDP port numbers[EB/OL]. , 2008.
[3]	ROUGHAN M , SEN S , SPATSCHECK O ,et al. Class-of-service mapping for QoS:a statistical signature-based approach to IP traffic classification[A]. Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement[C]. Taormina,Sicily,Italy, 2004. 135-148.
[4]	ZHANG J , CHEN C , XIANG Y . An effective network traffic classifi-cation method with unknown flow detection[J]. IEEE Transactions on Network and Service Management, 2013,10(1): 1-15.
[5]	KARAGIANNIS T , PAPAGIANNAKI K , FALOUTSOS M . BLINC:multilevel traffic classification in the dark[J]. SIGCOMM Computer Communication Review, 2005,35(4): 229-240.
[6]	CABALLERO J , YIN H , LIANG Z ,et al. Polyglot:automatic extrac-tion of protocol message format using dynamic binary analysis[A]. Proceedings of the 14th ACM Conference on Computer and Commu-nications Security[C]. Virginia,USA, 2007. 317-329.
[7]	LIN Z , JIANG X , XU D ,et al. Automatic protocol format reverse engineering through context-aware monitored execution[A]. Proceedings of the 15th Network and Distributed System Security Symposium[C]. California,USA, 2008. 1-17.
[8]	WONDRACEK G , MILANI P , KRUEGEL C ,et al. Automatic net-work protocol analysis[A]. Proceedings of the 16th Network and Dis-tributed System Security Symposium[C]. California,USA, 2008. 1-18.
[9]	CUI W , PEINADO M , CHEN K ,et al. Tupni:automatic reverse engi-neering of input formats[A]. Proceedings of the 15th ACM Conference on Computer and Communications Security[C]. Virginia,USA, 2008. 391-402.
[10]	HAFFNER P , SEN S , SPATSCHECK O ,et al. ACAS:automated construction of application signatures[A]. Proceedings of the 2005 ACM SIGCOMM Workshop on Mining Network Data[C]. Pennsylva-nia,USA, 2005. 197-202.
[11]	KANNAN J , JUNG J , PAXSON V ,et al. Semi-automated discovery of application session structure[A]. Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement[C]. New York,USA, 2006. 119-132.
[12]	MA J , LEVCHENKO K , KREIBICH C ,et al. Unexpected means of protocol inference[A]. Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement[C]. Rio de Janeriro,Brazil, 2006. 313-326.
[13]	CUI W , KANNAN J , WANG H J . Discoverer:automatic protocol reverse engineering from network traces[A]. Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium[C]. Boston,MA, 2007. 313-326.
[14]	FINAMORE A , MELLIA M , MEO M ,et al. KISS:stochastic packet inspection classifier for UDP traffic[J]. IEEE/ACM Tra tions on Networking, 2010,18(5): 1505-1515.
[15]	MANNING C , SCHUTZE H . Foundations of Statistical Natural Language Processing[M]. MIT Press, 1999.
[16]	ANGLUIN D . Queries and concept learning[J]. Machine Learning, 1988,2(4): 319-342.
[17]	COHN D , ATLAS L , LADNER R . Improving generalization with active learning[J]. Machine Learning, 1994,15(2): 201-221.
[18]	LEWIS D , GALE W . A sequential algorithm for training text classifi-ers[A]. Proceedings of the 17th Annual International ACM SIGIR Conference on Research and Development in Information Retrieval[C]. New York,USA, 1994. 3-12.
[19]	SETTLES B.Active learning literature survey[EB/OL]. .
[20]	TONG S , KOLLER D . Support vector machine active learning with applications to text classification[J]. Journal of Machine Learning Research, 2002,2: 45-66.
[21]	GRINGOLI F , SALGARELLI L , DUSI M ,et al. GT:picking up the truth from the ground for internet traffic[J]. SIGCOMM Computer Communication Review, 2009,39(5): 12-18.

Metrics

Recommended 0

No Suggested Reading articles found!

Network protocol identification based on active learning and SVM algorithm

RichHTML

PDF

Knowledge

Cited

Abstract

Cite this article

share this article

Figures/Tables 7

References 21

Related Articles 15

Metrics

Recommended 0

[1]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[2]	Haiyan KANG, Molan LONG. Research on network attack analysis method based on attack graph of absorbing Markov chain [J]. Journal on Communications, 2023, 44(2): 122-135.
[3]	Hongbin ZHANG, Yan YIN, Dongmei ZHAO, Bin LIU. Network security situational awareness model based on threat intelligence [J]. Journal on Communications, 2021, 42(6): 182-194.
[4]	Tengfei ZHANG, Shunzheng YU. Research prospects of user information detection from encrypted traffic of mobile devices [J]. Journal on Communications, 2021, 42(2): 154-167.
[5]	Xu CHENG, Yingying WANG, Nianjie ZHANG, Zhangjie FU, Beijing CHEN, Guoying ZHAO. Multi-level loss object tracking adversarial attack method based on spatial perception [J]. Journal on Communications, 2021, 42(11): 242-254.
[6]	Tao HUANG, Jiang LIU, Shuo WANG, Chen ZHANG, Yunjie LIU. Survey of the future network technology and trend [J]. Journal on Communications, 2021, 42(1): 130-150.
[7]	Zhiyong LUO,Xu YANG,Jiahui LIU,Rui XU. Network intrusion intention analysis model based on Bayesian attack graph [J]. Journal on Communications, 2020, 41(9): 160-169.
[8]	Tao LI,Yuanbo GUO,Ankang JU. Knowledge triple extraction in cybersecurity with adversarial active learning [J]. Journal on Communications, 2020, 41(10): 80-91.
[9]	Hanxun ZHOU,Chen CHEN,Runze FENG,Junkun XIONG,Hong PAN,Wei GUO. Mobile malware traffic detection approach based on value-derivative GRU [J]. Journal on Communications, 2020, 41(1): 102-113.
[10]	Chenyang ZHAO,Junling WANG. Service recommendation method based on context-embedded support vector machine [J]. Journal on Communications, 2019, 40(9): 61-73.
[11]	JIANG Lyu,ZHANG Hengwei,WANG Jindong. Optimal strategy selection method for moving target defense based on signaling game [J]. Journal on Communications, 2019, 40(6): 128-137.
[12]	Xiaochao DANG,Yaning HUANG,Zhanjun HAO,Xiong SI. Passive indoor human daily behavior detection method based on channel state information [J]. Journal on Communications, 2019, 40(4): 160-170.
[13]	Xiaoling YIN,Xiaojiang CHEN,Qishou XIA,Juan HE,Pengyan ZHANG,Feng CHEN. Human motion state recognition based on smart phone built-in sensor [J]. Journal on Communications, 2019, 40(3): 157-169.
[14]	Zhiyong LUO, Xu YANG, Guanglu SUN, Zhiqiang XIE, Jiahui LIU. Finite automaton intrusion tolerance system model based on Markov [J]. Journal on Communications, 2019, 40(10): 79-89.
[15]	Shirui HUANG,Hengwei ZHANG,Jindong WANG,Ruiyu DOU. Network security threat warning method based on qualitative differential game [J]. Journal on Communications, 2018, 39(8): 29-36.