| The widely use of wireless network communication(WNC)on military has made a great challenge on traditional communication reconnaissance pattern based on radio frequency signal feature analysis and power compaction.Through analyzing and identifying the protocol of physical-layer,link-lay and network-layer,and then making smart jamming and attack on WNC by faint radio frequency power,has a significant military meaning to network-electronic integration confrontation.According to the structure division of the OSI seven-layer network system,link-layer protocol is an indispensable part of the system connecting the proceeding and the following,making link-layer protocol analysis appeal to more and more attention.However,for battlefield wireless network,the definition of link-layer protocol frame form is generally closed.So how to make frame segmentation on link-layer bit stream sequence and on the basis of which,realize the analysis of link-layer unknown protocol has become a difficulty of battle field wireless network protocol analysis.In this dissertation,the link-layer unknown protocol analysis technique facing to bit stream has been studied.The present network protocol analysis methods has problems on following three aspects:(1)The object of current protocol analysis method mainly consists of known protocol or the protocol that have fixed format or special features.And the present method are mainly faced to application-layer,which are hard to adapt to the analysis of link-layer unknown protocol.(2)Some link-layer unknown protocol analysis methods performances depend too much on the accuracy of statistics of frequent sequences.However,the present frequent sequence statistical methods have high computation complexity,low accuracy and are not adaptable to binary bit stream data.(3)The synchronization fields captured by present link-layer unknown protocol frame segmentation algorithms are usually redundant or incomplete.The present methods can't realize effective unique segmentation.They can only provide multiple possible segmentation results.The link-layer unknown protocol analysis technique facing to bit stream is explored in this dissertation.Firstly,the relevant concepts and fundamental knowledges of link-layer protocol,foreign and domestic research of the analysis methods and the problems existing to be solved are introduced briefly.And then the dissertation is developed by the study on three aspects: bit stream frequent sequence statistic,link-layer bit stream data frame segmentation and link-layer unknown protocol frame address analysis.Three new methods are proposed and finally validated on the practical Ad Hoc network link-layer bit steam dataset of Pathmaker network radio and wireless WiFi network link-layer bit stream dataset.Finally,the three methods are applied on the engineering of protocol analysis function platforms.The main works are summarized as follows:(1)Aiming at the problem that classical multimodal matching algorithms have high computation complexity and are not adaptive to binary bit stream data,a link-layer bit stream frequent sequences statistic method based on improved Aho-Corasick(AC-IM)is proposed to count the frequent sequences of link-layer bit stream data.According to the characteristics of bit stream frequent sequences,and on the basis of classic AC multimodal matching algorithm,we constructed a maximum skipping table of character string and two Hashtable to measure the dissimilarity of pattern matching,taking the place of the classic method that using finite-state machine and dictionary tree for measurement.The experiments were operated on the bit stream dataset of practical wireless WiFi network link-layer and the one of Ad Hoc network link-layer consisting of Pathmaker network radios.The experiment results showed that,compared with other improved AC algorithms,the AC-IM has the advantages of low time complexity,high pattern matching efficiency and adaptability on binary bit stream data frequent sequences statistic.(2)Aiming at the problem that present link-layer unknown protocol frame segmentation algorithms cannot realize effective unique segmentation,a link-layer bit stream data frame segmentation algorithm based on graph theory is proposed.On the basis of frequent sequences statistic,the double association rules between sequences are firstly tapped.Then all the double association rules are reorganized to generate double association rule digraph according to certain regulation.After that,distribute coordinates to the sequence node of digraph and integrate all the double association rules that participated in forming the digraph.Then the multiple association rules are constructed.Finally,by judging the rationality of the multiple association and adjusting the minimum confidence level to guarantee the output correct and unique,we realize the effective segmentation of link-layer bit stream data frame.The performances of the algorithm proposed is identified by the bit stream dataset of practical wireless WiFi network link-layer and the one of Ad Hoc network link-layer consisting of Pathmaker network radios.(3)A link-layer unknown protocol frame address analysis method facing to bit stream is presented.Firstly,construct a matrix by data stream of single frame after segmentation.Secondly,according to the characteristics that the character segment information of link-layer data frame address is in descending order and the address character segment information location are fixed,set the minimum processing unit to be 1bit,2bit and 3bit,respectively.Then combine the statistical theory and loop through to search the frequent address pairs by columns.After that,mosaic the address pairs to confirm the accuracy of found protocol address.Finally,the experiment results based on the bit stream dataset of practical wireless WiFi network link-layer and the one of Ad Hoc network link-layer consisting of Pathmaker network radios showed that,the frame address information accuracy of the algorithm proposed can reach over 80% when the frame segmentation is not ideal. |
PDF Full Text Request