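1. School of Computer Science and Technology, Harbin University of Science and Technology, Harbin, Heilongjiang 150080
2. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029
3. Research Institute of Information Technology, Tsinghua University, Beijing 100084
4. Tsinghua National Laboratory for Information Science and Technology, Tsinghua University, Beijing 100084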
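Luo-shi ZHANG (1983-), male, born in Xi'an, Shaanxi, is a PhD candidate at Harbin University of Science and Technology. His main research interests are network security, protocol identification and traffic management.
Da-wei WANG (1982-), male, born in Yantai, Shandong, is a senior engineer at the National Computer Network Emergency Response Technical Team/Coordination Center of China. His main research interests are computer networks, information security and artificial immune systems.
Yi-bo XUE (1967-), male, born in Laiyang, Shandong, is a research professor at Tsinghua University. His main research interests are computer networks and information security, parallel processing and distributed systems.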
Online publication date: 2015-03
Print publication date: 2015-03-25
Luo-shi ZHANG, Da-wei WANG, Yi-bo XUE. Flow-awared identification model of sophisticated network application[J]. Journal of communications, 2015, 36(3): 161-169. DOI: 10.11959/j.issn.1000-436x.2015070.
Traditional protocol identification techniques mostly rely on individual network flows and cannot cope with the multi-service, multi-protocol nature of sophisticated network applications, so they fail badly when asked to identify such applications. To address this problem, a flow-aware model is proposed. It characterizes the communication of sophisticated network applications along three dimensions (the spatial dimension, the time dimension and the flow dimension) and analyzes and mines their behavior and state characteristics in depth. Based on this model, a method and framework for rapidly identifying sophisticated network applications is proposed. The experimental results show that the flow-aware model identifies sophisticated network applications effectively and achieves good identification performance.