1. The Third College, PLA Information Engineering University, Zhengzhou, Henan 450001
2. Unit 91033 of the PLA, Qingdao, Shandong 266035
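Yu-na ZHU (1985-), female, born in Heze, Shandong; Ph.D. candidate at PLA Information Engineering University. Main research interests: reverse engineering and identification of security protocols.
Ji-hong HAN (1966-), female, born in Dingxiang, Shanxi; Ph.D., professor and doctoral supervisor at PLA Information Engineering University. Main research interests: network and information security, formal analysis and automated verification of security protocols.
Lin YUAN (1981-), male, born in Shangqiu, Henan; Ph.D., associate professor at PLA Information Engineering University. Main research interests: formal analysis and automated verification of security protocols, software trustworthiness analysis.
Yu-dan FAN (1982-), female, born in Dengzhou, Henan; lecturer at PLA Information Engineering University. Main research interests: formal analysis and automated verification of security protocols.
Han-tuo CHEN (1990-), male, born in Fenghua, Zhejiang; master's student at PLA Information Engineering University. Main research interests: online security analysis of protocols.
Wen GU (1992-), male, born in Guiyang, Hunan; master's student at PLA Information Engineering University. Main research interests: formal analysis and verification of security protocols.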
Online publication date: 2016-06
Print publication date: 2016-06-25
Yu-na ZHU, Ji-hong HAN, Lin YUAN, et al. Monitoring approach for online security of cryptographic protocol[J]. Journal on Communications, 2016, 37(6): 75-85. DOI: 10.11959/j.issn.1000-436x.2016293.
Existing methods cannot monitor online the low-interaction attacks that are carried out through protocol logic. To address this problem, a cryptographic protocol online monitoring approach named CPOMA is presented. First, an ontology framework of cryptographic protocol features is constructed to describe features of different types in a unified way. Based on this framework, fuzzy subspace clustering is used for the first time to weight the features, and an individualized feature database of cryptographic protocols is built. On this basis, a self-learning method for protocol identification and session instance rebuilding is given, and abnormal protocol sessions are then monitored online. Experimental results show that CPOMA can not only identify known protocols, learn unknown protocols and rebuild sessions well, but can also effectively monitor abnormal protocol sessions online, improving the security of cryptographic protocols running online.