IEEE Access (Jan 2021)
Association Analysis and Identification of Unknown Bitstream Protocols Based on Composite Feature Sets
Abstract
Concomitant with the rapid development of network communications technology, the analysis of communication protocols has become indispensable to the maintenance of daily network security. Common protocol analysis methods rely predominantly on known information, such as fixed port numbers, and therefore have significant limitations. In the current network environment the proportion of undisclosed protocols is increasing daily; information about such protocols is difficult to obtain, and these methods sometimes fail altogether because of the particular formats of unknown protocols. It is therefore crucial to analyze unknown protocols with little prior knowledge. To solve this problem, this paper proposes a novel protocol identification method in which association analysis and identification of unknown bitstream protocols are first carried out on the basis of composite feature sets; knowledge from data mining and statistics is then applied to identify protocol message types and to analyze protocol message formats. Experiments on a bitstream protocol dataset verify that the proposed method accurately identifies different message types. Specifically, taking the ICMP and ARP protocols as examples, the proposed method effectively infers their main features, which aids further protocol information extraction and analysis.
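The abstract does not give the paper's algorithm, so the following is an added illustrative example, not code from the paper: it applies the kind of analysis the abstract describes (mining high-support positional byte features as a composite feature set, checking how those features associate with one another, clustering messages whose feature signatures agree into message types, and splitting each type into fixed and variable fields) to a small constructed set of ICMP-echo-like and ARP-request-like byte strings. The sample messages, the 0.5 support threshold, and all function names are assumptions made for this example, and the ICMP checksums are placeholders rather than valid values.

```python
"""Positional-feature mining, association confidence and signature clustering
over raw message bytes (added example; sample data is constructed, not captured)."""
from collections import Counter, defaultdict

# Constructed: three ICMP-echo-like messages (type 8, code 0, placeholder
# checksum, identifier 0x1234, incrementing sequence, 8-byte payload).
ICMP_SAMPLES = [
    bytes.fromhex("0800f7ff1234" "0010" "6162636465666768"),
    bytes.fromhex("0800e4c21234" "0011" "6162636465666768"),
    bytes.fromhex("08009b311234" "0012" "6162636465666768"),
]
# Constructed: three ARP-request-like messages (htype 1, ptype 0x0800, hlen 6,
# plen 4, oper 1, varying sender MAC/IP, zero target MAC, one target IP).
ARP_SAMPLES = [
    bytes.fromhex("0001080006040001" "aabbccddee01" "0a000001" "000000000000" "0a0000fe"),
    bytes.fromhex("0001080006040001" "aabbccddee02" "0a000002" "000000000000" "0a0000fe"),
    bytes.fromhex("0001080006040001" "aabbccddee03" "0a000003" "000000000000" "0a0000fe"),
]
MIXED = ICMP_SAMPLES + ARP_SAMPLES  # the "unknown" bitstream set under analysis


def positional_features(msgs, min_support=0.5):
    """Composite feature set: {(offset, byte): support} for every (offset, byte)
    pair that occurs in at least min_support of the messages."""
    counts = Counter((i, b) for m in msgs for i, b in enumerate(m))
    n = len(msgs)
    return {f: c / n for f, c in counts.items() if c / n >= min_support}


def signature(msg, features):
    """The frequent features that a single message contains."""
    return frozenset(f for f in features if f[0] < len(msg) and msg[f[0]] == f[1])


def cluster_by_signature(msgs, features):
    """Messages with identical signatures are treated as one message type."""
    groups = defaultdict(list)
    for m in msgs:
        groups[signature(m, features)].append(m)
    return list(groups.values())


def association_confidence(msgs, features, antecedent):
    """Confidence P(feature | antecedent) for every other frequent feature."""
    sigs = [signature(m, features) for m in msgs]
    with_a = [s for s in sigs if antecedent in s]
    if not with_a:
        return {}
    return {f: sum(f in s for s in with_a) / len(with_a)
            for f in features if f != antecedent}


def infer_format(msgs):
    """Split the common length prefix of one cluster into runs of
    (start, end, 'fixed'|'variable', constant bytes or None)."""
    length = min(len(m) for m in msgs)

    def kind(i):
        return "fixed" if len({m[i] for m in msgs}) == 1 else "variable"

    fields, start = [], 0
    for i in range(1, length + 1):
        if i == length or kind(i) != kind(start):
            value = msgs[0][start:i] if kind(start) == "fixed" else None
            fields.append((start, i, kind(start), value))
            start = i
    return fields


def analyse(msgs, min_support=0.5):
    """Run the full pipeline and return one (size, format) entry per cluster."""
    feats = positional_features(msgs, min_support)
    return [(len(c), infer_format(c)) for c in cluster_by_signature(msgs, feats)]


if __name__ == "__main__":
    for size, fmt in analyse(MIXED):
        print(f"cluster of {size} messages:")
        for start, end, k, value in fmt:
            print(f"  [{start:2d}:{end:2d}] {k:8s} {value.hex() if value else ''}")
```

Two properties of this toy pipeline are worth noting. Adjacent constant fields merge into one run (the ICMP identifier and the zero high byte of the sequence number come out as a single fixed field), so format inference only recovers field boundaries where a fixed byte meets a variable one; and because offset 6 is zero in both protocols, the association confidence of (0, 0x08) given (6, 0x00) is only 0.5, which is exactly the kind of weakly associated feature a composite-feature method has to discount.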
Keywords