Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for mining unknown network protocol hidden behaviors through clustering instruction sequences

A technology of instruction sequence and cluster mining, applied in the field of network security, can solve the problems of no protocol security and limited protocol information, achieve high analysis efficiency and accuracy, and improve the effect of speed and accuracy

Inactive Publication Date: 2016-06-15
XIDIAN UNIV +1
View PDF4 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Although these methods have solved the problem of reverse analysis of the protocol format, they have not solved the security problem of protocol operation from the perspective of protocol behavior. The protocol information obtained by these methods is very limited, and the reverse analysis of the protocol is far more than that. In fact, the behavior of the protocol has a more direct and fundamental impact on network security, so the mining and analysis technology of the behavior of the protocol, especially the hidden behavior, has important and extensive application prospects.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for mining unknown network protocol hidden behaviors through clustering instruction sequences
  • Method for mining unknown network protocol hidden behaviors through clustering instruction sequences
  • Method for mining unknown network protocol hidden behaviors through clustering instruction sequences

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The present invention is suitable for figure 1 The network topology shown, the scene includes one analysis server and several clients running the protocol; each client is connected to the analysis server; the Wireshark tool is configured on each client to capture and analyze the protocol packets, and the analysis server is connected to Radcom hardware analysis The instrument performs secondary analysis on the protocol data packets; configures the self-developed HiddenDisk virtual analysis platform on the client computer, performs cluster analysis of the instruction sequence of the protocol program, mines the hidden behavior of the protocol, and evaluates the operating security of the protocol; each client computer will automatically The analysis result is transmitted to the analysis server, and after the analysis server performs correlation analysis, a protocol operation security assessment report is generated.

[0028] refer to figure 2 , the present invention utiliz...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an instruction sequence cluster mining method for concealed behavior of an unknown network protocol, which mainly solves the problem that the existing protocol reverse analysis method only analyzes the format of the protocol message, but cannot analyze the protocol behavior, especially the hidden behavior. The implementation steps are: (1) divide and mark all the instructions of the protocol program into three types of genetic instructions; (2) cluster the instruction sequence; (3) calculate the protocol behavior; (4) find the comparison instructions before all potential hidden behaviors , extract the constants involved in the comparison, use these constants to replace the relevant fields in the protocol message, generate new messages with triggering capabilities, and use the new messages to trigger potential hidden behaviors; (5) Calculate the three types of genes between hidden behaviors and known behaviors The absolute difference RS of the instruction distribution rate, if RS>0.3, the protocol operation is not safe, and the protocol has malicious behavior; otherwise, the protocol operation is safe, and the mining is over. The invention improves the speed and accuracy of excavation, and can serve more users and wider application fields.

Description

technical field [0001] The invention belongs to the field of network security, relates to network protocol reverse analysis and behavior analysis, and specifically refers to a method for mining unknown network protocol hidden behavior by clustering instruction sequences, which can be used for network security situation perception and threat location. Background technique [0002] Network protocols are the fundamental cornerstone of cyberspace and one of the most important infrastructures in the information age. In recent years, network security incidents have emerged one after another due to insufficient understanding of the behavior of unknown network protocols. The fundamental status of network protocols and the insufficiency of our research on their hidden behaviors have brought major hidden dangers to our information security, national defense security and national security. The losses already caused and potential losses are incalculable. The research and analysis of th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/20
Inventor 胡燕京裴庆祺庞辽军
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com