Title :
Generating Statistic Application Signatures for Inference of Unknown Applications
Author :
Jian-Zhen Luo ; Shun-Zheng Yu
Author_Institution :
Sch. of Inf. Sci. & Technol., Sun Yat-Sen Univ., Guangzhou, China
Abstract :
In this paper, we propose a novel approach of protocol reverse engineering to extract protocol keywords of unknown application from raw network traffic data without a prior knowledge about the application based on compression theory, entropy and variance analysis. We also present an efficient method to generate statistic signature of unknown application leveraging machine learning and probabilistic models. The experiment results show that our approach extract protocol keywords of application in high accuracy, the false positive and false negative of application identification using our method are very low. Our technique can also discover new application in unknown traffic.
Keywords :
cryptographic protocols; learning (artificial intelligence); probability; reverse engineering; telecommunication traffic; compression theory; entropy; false negative; false positive; machine learning; probabilistic model; protocol keywords; protocol reverse engineering; raw network traffic data; statistic application signatures; statistic signature; variance analysis; Data mining; Entropy; Internet; Probabilistic logic; Protocols; Reverse engineering; World Wide Web; Application Signature; Probabilistic Prefix Tree Acceptor; Protocol Keyword Extraction; Traffic Analysis; Unknown Application Inference;
Conference_Titel :
Intelligent Systems (GCIS), 2013 Fourth Global Congress on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4799-2885-9
DOI :
10.1109/GCIS.2013.45
