Private protocol message format inference method based on extended prefix tree

A private-protocol message format inference technique, applied in the network field, that addresses the problem of protocols being divided into too many redundant message formats. It reduces redundant message formats while offering strong flexibility and improved practicability.

Active Publication Date: 2018-02-06
ARMY ENG UNIV OF PLA

AI Technical Summary

Problems solved by technology

Protocols with variable field positions and protocols with enumerated fields are easily divided into many redundant message formats. Merging the extended prefix tree according to the protocol's message structure and semantics yields an accurate protocol format.


Embodiment Construction

[0033] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0034] Figure 1 is a schematic diagram of the overall implementation process of the present invention. As shown in the figure, the method for inferring the message format of a private protocol based on an extended prefix tree proposed by the present invention mainly includes the following steps:

[0035] The first step is message preprocessing. The continuous network data flow is first segmented at session granularity, separating the complete sessions between communication entities one by one. Packet delimitation is then performed to separate individual protocol messages from each independent session.

[0036] The second step is protocol keyword extraction. The preprocessed messages are processed with the N-gram segmentation method to obtain all strings of length N that appear in the sample set. Most of the charact...


Abstract

The invention provides a private protocol message format inference method based on an extended prefix tree. The method comprises the following steps: message preprocessing, protocol keyword extraction, message structure and semantic inference, and protocol format merging. It aims to solve the high time complexity and low accuracy of existing message format inference methods based on network traffic. Using the N-gram segmentation method, protocol keywords in a private protocol are accurately identified on the basis of pointwise mutual information. The protocol keyword sequence corresponding to each message is described by the extended prefix tree, and segmented multiple sequence alignment is performed, which reduces the computational cost of sequence alignment and improves the accuracy of the alignment results. In addition, because network protocols are highly flexible, redundant message formats are reduced through effective format merging, which enhances the practicability of the inference results.
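The keyword-extraction step named in the abstract (N-gram segmentation judged by pointwise mutual information) can be illustrated as follows. This is an added example, not code from the patent: the sample messages are constructed, and the document-frequency probability estimate, the minimum-over-splits score, the thresholds and all function names are assumptions, since the page does not give the patent's formulas.

```python
import math
from collections import Counter

# Constructed sample messages for a made-up text protocol (not from the patent).
SAMPLE = [b"LOGIN alice\r\n", b"LOGIN bob\r\n", b"LOGIN carol\r\n",
          b"FETCH 17\r\n", b"FETCH 42\r\n", b"FETCH 9\r\n"]

def ngrams(msg, n):
    """All length-n byte strings in msg, with their start offsets."""
    return [(i, msg[i:i + n]) for i in range(len(msg) - n + 1)]

def doc_freq(messages, n):
    """Number of messages containing each substring of length 1..n."""
    df = Counter()
    for msg in messages:
        seen = set()
        for k in range(1, n + 1):
            seen.update(g for _, g in ngrams(msg, k))
        df.update(seen)
    return df

def min_pmi(gram, df, total):
    """Lowest PMI over every split of gram into a left and a right part."""
    p = lambda s: df[s] / total          # assumed estimate: share of messages
    return min(math.log2(p(gram) / (p(gram[:k]) * p(gram[k:])))
               for k in range(1, len(gram)))

def extract_keywords(messages, n=3, min_support=0.5, min_score=0.5):
    """Keep frequent, cohesive N-grams; merge overlapping or adjacent hits."""
    df, total = doc_freq(messages, n), len(messages)
    accepted = {g for g, c in df.items() if len(g) == n
                and c / total >= min_support
                and min_pmi(g, df, total) >= min_score}
    keywords = Counter()
    for msg in messages:
        covered = [False] * len(msg)
        for i, g in ngrams(msg, n):
            if g in accepted:
                covered[i:i + n] = [True] * n
        start = None
        for i, flag in enumerate(covered + [False]):  # sentinel ends last run
            if flag and start is None:
                start = i
            elif not flag and start is not None:
                keywords[msg[start:i]] += 1
                start = None
    return dict(keywords)

if __name__ == "__main__":
    print(extract_keywords(SAMPLE))
```

Frequency alone would also keep `IN ` and `CH `, which occur in half the messages. The PMI test rejects them because the space delimiter appears in every message and so co-occurs with the keyword no more than chance predicts.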

Description

Technical field

[0001] The invention relates to the field of network technology, in particular to a method for inferring the message format of a private protocol based on an extended prefix tree, which can infer the message format of a private protocol according to the similarity in structure and semantics of similar messages.

Background technique

[0002] A protocol specification is a specific description of network protocol syntax, semantics, and synchronization information, and plays an important role in the field of network security. In botnets, attackers use the C&C (Command and Control) protocol to control vulnerable hosts to implement distributed denial of service attacks. Network administrators need to discover and analyze botnets according to the C&C protocol specification. In the field of intrusion detection, it is necessary to identify malicious traffic from complicated network traffic based on protocol specifications. In the process of fuzz testing, it is necess...


Application Information

IPC(8): G06F17/27, H04L29/06, G06F17/22
CPC: G06F40/151, G06F40/30, H04L69/06, H04L69/22
Inventor: 洪征, 田益凡, 吴礼发, 张洪泽, 李华波, 周振吉, 薛迪, 黄康宇
Owner: ARMY ENG UNIV OF PLA