Analyzing Network Protocols of Application Layer Using Hidden Semi-Markov Model

With the rapid development of Internet, especially the mobile Internet, the new applications or network attacks emerge in a high rate in recent years. More and more traffic becomes unknown due to the lack of protocol specifications about the newly emerging applications. Automatic protocol reverse en...

Full description

Saved in:
Bibliographic Details
Published in:Mathematical problems in engineering 2016-01, Vol.2016 (2016), p.1-14
Main Authors: Cai, Jun, Lei, Fangyuan, Luo, Jian-Zhen
Format: Article
Language:English
Subjects:
Accuracy
Algorithms
Clustering
Communication
Communications traffic
Data mining
Internet
Keywords
Markov chains
Mathematical models
Messages
Network analysis
Networks
Optimization
Protocol
Protocol (computers)
R&D
Research & development
Reverse engineering
Specifications
Traffic engineering
Traffic flow
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the rapid development of Internet, especially the mobile Internet, the new applications or network attacks emerge in a high rate in recent years. More and more traffic becomes unknown due to the lack of protocol specifications about the newly emerging applications. Automatic protocol reverse engineering is a promising solution for understanding this unknown traffic and recovering its protocol specification. One challenge of protocol reverse engineering is to determine the length of protocol keywords and message fields. Existing algorithms are designed to select the longest substrings as protocol keywords, which is an empirical way to decide the length of protocol keywords. In this paper, we propose a novel approach to determine the optimal length of protocol keywords and recover message formats of Internet protocols by maximizing the likelihood probability of message segmentation and keyword selection. A hidden semi-Markov model is presented to model the protocol message format. An affinity propagation mechanism based clustering technique is introduced to determine the message type. The proposed method is applied to identify network traffic and compare the results with existing algorithm.
ISSN:1024-123X
1563-5147
DOI:10.1155/2016/9161723