面向比特流的未知协议识别与分析技术综述

在日益严峻的网络安全形势下,为确保信息的安全性,大量的网络应用开始采用未知的私有协议进行数据传输,尤其是在军事对抗中的战场无线通信网络下,通信所采用的协议不仅未知,还有可能被加密。要从截获的通信比特流中提取可用信息并加以利用,推断出以比特流形式存在的未知协议的报文格式是首要前提。首先从整体上介绍了现有面向比特流的协议识别研究领域所涉及的主要内容,重点分析了现有未知协议格式推断方法,包括频繁模式挖掘、关联规则挖掘、比特流帧切分以及协议格式推断,最后总结其优缺点及下一步研究方向。

A Survey of Bit Stream oriented Unknown ProtocolIdentification and Analysis Techniques

In the increasingly serious network security situation, a large number of network applications are beginning to use unknown proprietary protocols for data transmission to ensure the security of the information. Moreover, the protocols for data transmission are not only unknown but also may be encrypted under the wireless communication network of military confrontation. In order to extract information available for using from bit streams intercepted, inferring the format of unknown protocol existing in the form of bit stream is the primary prerequisite. In this paper, the existing main contents of bit stream oriented protocol identification research field are introduced completely first; then the method of inferring the format of unknown protocol including frequent pattern mining, association rule mining, frame segmentation and protocol format inferring is analyzed emphatically; finally the advantages and disadvantages are summarized and future research directions are presented.