Computer Engineering and Applications, 2018, Vol. 54, Issue (12): 14-20, 7. DOI: 10.3778/j.issn.1002-8331.1803-0494
Extended prefix tree based protocol format inference
Abstract
Network protocol format inference is of great significance in many network security applications. Most existing protocol format inference methods suffer from high computational complexity and low accuracy. An extended prefix tree based protocol format inference method is proposed in this paper. First, candidate keywords are obtained through N-gram word segmentation and merged into protocol keywords of different lengths according to mutual information. On the basis of these protocol keywords, an extended prefix tree is constructed from the protocol keyword sequences, and initial clustering is performed on the extended tree. Then, through segmental multiple sequence alignment based on the extended prefix tree, similar formats are combined and the precise protocol format is obtained. Compared with traditional format inference methods, the proposed method reduces the time complexity of inference. Experimental results show that the proposed method performs well for both text protocols and binary protocols.
Key words
protocol format inference / mutual information / extended prefix tree / multiple sequence alignment algorithm
Classification
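Information technology and security science
Cite this article
Hong Zheng, Tian Yifan, Zhang Hongze, Wu Lifa. Extended prefix tree based protocol format inference [J]. Computer Engineering and Applications, 2018, 54(12): 14-20, 7.
Funding
National Key Research and Development Program of China (No. 2017YFB0802900).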