In complicated network environments, guaranteeing information security is the core of the national informatization strategy. In specific network environments, the threat of secret stealing by a special method is becoming increasingly serious: the secret information is transmitted over wireless communication that uses an unconventional, special, unknown protocol. Current preventive measures target only existing common protocols. Moreover, most of these measures rely on methods based on port or static feature matching, which cannot supervise and detect the machine type of secret-stealing channel. To guarantee secure network operation and give early warning of attacks and harmful actions, decision-makers urgently need to grasp the situation precisely in networks with complex structure, which calls for designing an efficient method to recognize unknown protocols.

For unknown protocols, current network security detection methods and protocol recognition methods have the following problems. Current protocol recognition methods, based on port or static feature matching, are mainly designed for known protocols and are insufficient at recognizing and discovering unknown protocols. In an electronic countermeasures environment, recognizing unknown protocols from an intercepted communication bit stream sequence is an important stage. However, there are few research achievements in the field of recognizing unknown protocols from bit stream data.

To address these problems, and building on the integration of current network security technologies and data exploration technologies, a solution for recognizing unknown protocols based on datagram fingerprint relationships is designed, which meets requirements in multiple areas such as national network security. The solution has important practical significance for secure network operation and macro early warning, and further promotes the capability for independent innovation in various key technologies such as national network security.

The main studies and contributions of this dissertation are:

(1) Recognition of the feature bits and the preamble of the bit stream is realized so as to switch frames effectively. The system processes and explores bit stream data, which, unlike text data, has its own uniqueness. Because the raw feature of bit stream data is only 0 or 1, current research methods based on semantic analysis are not valid. The system proposes a mode-based matching method that realizes statistical exploration of the feature bits in the bit stream data of unknown protocols, and that improves the performance of the traditional AC algorithm so that it matches bit stream data modes. Through recognition of the feature bits and the preamble, the preamble is used as the unique mark of a protocol message, which realizes accurate and efficient frame switching of the bit stream data.

(2) A keyword concept is presented, which is used to represent protocol messages abstractly so as to significantly improve the efficiency of the subsequent protocol mode recognition. The protocol feature bits and the extracted frequent sequences are further screened, and bit sequences related to the protocols are merged and screened again. A generated keyword refers to a set of bit stream sequences from the deep layer of the protocol format, and the keyword can be used to mark protocol messages and provide attribute values for them. The keyword is also used as the attribute extracted from protocol messages, which makes the distance and similarity computation in the later stage more intuitive and significantly reduces the computation volume. This gives the system a higher accuracy rate and efficiency than similar systems.

(3) Partitioning of different protocol modes is realized so that the different modes of a protocol can be extracted separately and a more detailed protocol fingerprint message generated. The system adopts a data exploration algorithm to effectively distinguish messages with different protocol modes. The protocol messages are expressed abstractly according to the attributes and the message data of the different protocol modes. Abstract expressions of the message modes are extracted to form protocol fingerprint information, which makes the fingerprint information more detailed and diversified. This gives the system a better protocol recognition function than those of other systems.
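
A sketch of the preamble step in contribution (1), added here as an illustration and not taken from the dissertation: it treats the longest bit pattern that recurs at least `min_support` times as the preamble and, reading "frame switching" as cutting the stream into frames, splits at each occurrence. The function names, the support threshold, the HDLC-style flag `01111110` and the sample capture are assumptions constructed for this example, and it uses plain n-gram counting rather than the improved AC algorithm the abstract mentions.

```python
from collections import Counter


def find_preamble(bits, k_min=4, k_max=12, min_support=4):
    """Return the longest k-bit pattern seen at least min_support times, or None.

    Longer patterns are tried first so that a short, common fragment of the
    preamble is not preferred over the full marker.
    """
    for k in range(k_max, k_min - 1, -1):
        counts = Counter(bits[i:i + k] for i in range(len(bits) - k + 1))
        if counts:
            pattern, seen = counts.most_common(1)[0]
            if seen >= min_support:
                return pattern
    return None


def split_frames(bits, preamble):
    """Return (offset, payload) for every frame that starts with the preamble.

    Matching is non-overlapping and left to right. A payload that happens to
    contain the preamble would be cut in two, which is why the marker has to
    be unique within the protocol message for this to work.
    """
    starts, pos = [], bits.find(preamble)
    while pos != -1:
        starts.append(pos)
        pos = bits.find(preamble, pos + len(preamble))
    ends = starts[1:] + [len(bits)]
    return [(s, bits[s + len(preamble):e]) for s, e in zip(starts, ends)]


# Constructed capture: four frames of an assumed protocol whose preamble is
# 01111110 and whose payloads never contain six consecutive 1 bits.
PREAMBLE = "01111110"
PAYLOADS = ["10011010", "0010110", "110001001", "000101"]
STREAM = "".join(PREAMBLE + payload for payload in PAYLOADS)

if __name__ == "__main__":
    marker = find_preamble(STREAM)
    print("recovered preamble:", marker)
    for offset, payload in split_frames(STREAM, marker):
        print(f"frame at bit {offset:2d}: payload {payload}")
```

On real captures the support threshold and the range of candidate lengths have to be tuned to the amount of traffic, since biased payload data can make short patterns recur more often than the true preamble.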