
1. The Third Institute, PLA Information Engineering University, Zhengzhou 450001, Henan, China
2. PLA Unit 91033, Qingdao 266035, Shandong, China
Online First: 2016-06
Published:25 June 2016
Yu-na ZHU, Ji-hong HAN, Lin YUAN, et al. Monitoring approach for online security of cryptographic protocol[J]. Journal on Communications, 2016, 37(6): 75-85. DOI: 10.11959/j.issn.1000-436x.2016293.
Existing methods cannot monitor online the low-interaction attacks that target protocol logic. To address this, a cryptographic protocol online monitoring approach named CPOMA is proposed. First, an ontology framework of cryptographic protocol features is constructed to describe features of different types in a unified way. Based on this framework, fuzzy subspace clustering is used for the first time to weight features, and an individualized feature database of cryptographic protocols is built. On this basis, a self-learning method for protocol identification and session instance rebuilding is presented, and abnormal protocol sessions are then monitored online. Experimental results show that CPOMA can not only identify known protocols, learn unknown protocols, and rebuild sessions well, but also effectively monitor abnormal protocol sessions online, improving the security of cryptographic protocols running online.