Classification and Recognition of Unknown Network Protocol Characteristics


Bibliographic Details
Published in: Journal of Information Science and Engineering, Vol. 36, No. 4, pp. 765-776
Main Authors: 王一川 (YI-CHUAN WANG), 白彬彬 (BIN-BIN BAI), 黑新宏 (XIN-HONG HEI), 任炬 (JU REN), 姬文江 (WEN-JIANG JI)
Format: Journal Article
Language: English
Published: Taipei, 社團法人中華民國計算語言學學會, 01.07.2020
Institute of Information Science, Academia Sinica
ISSN: 1016-2364
DOI: 10.6688/JISE.202007_36(4).0005

Summary: In recent years, malicious hacker attacks have caused information leakage affecting both enterprise and individual network users, which has drawn unprecedented attention to network security. Botnets and darknets, which communicate over command-and-control (C&C) channels using unknown protocol formats, are important parts of this problem, and the spread of wireless mobile network technology has made it more prominent. Classifying and identifying the features of unknown protocols can help to judge and predict unknown attack behavior in Internet of Things environments, and thereby protect network security. This paper first vectorizes protocol features and compares the features to be detected with the existing protocol features in a feature base, selects the feature set with the highest recognition rate, and judges the similarity between protocols. The extracted composite features are digitized into a 0-1 matrix, reduced in dimension by Principal Component Analysis (PCA), and finally subjected to clustering analysis. A Clique to Protocol Feature Vectorization (CPFV) algorithm is designed to improve the efficiency of protocol clustering and ultimately to generate a new protocol format. Experimental results show that, compared with the traditional Clique and BIRCH algorithms, the proposed optimized algorithm improves accuracy by 20% and stability by 15%, and can cluster and identify unknown protocols accurately and quickly.