Title :
Automatic mining of distinguishers with unknown protocol format
Author :
Wang, Yipeng ; Wang, Liyan ; Li, Xingjian ; Zhang, Zhibin ; Guo, Li
Author_Institution :
Inst. of Comput. Technol., Chinese Acad. of Sci., Beijing, China
Abstract :
Unknown protocol inference are useful for many security application, including intrusion detection which always depends on deep packet inspection. However, mining distinguishers with unknown protocol format generally turns to protocol reverse engineering. In this paper, we propose a novel method for automatically abstracting protocol distinguishers based on statistic and our method is proved to be a good tool in finding protocol specifications. To implement and validate our method, we deign a serial of experiments. Then, applied to analyze of the indicators - recall is 99% while precise equals 99.9%, the method was proved highly efficient in the real-world environment.
Keywords :
data mining; multiprotocol label switching; reverse engineering; security of data; automatic protocol distinguisher abstracting; deep packet inspection; distinguisher mining; intrusion detection; protocol reverse engineering; security application; unknown protocol format; World Wide Web; automatic mining; protocol specification; statistic;
Conference_Titel :
Intelligent Computing and Integrated Systems (ICISS), 2010 International Conference on
Conference_Location :
Guilin
Print_ISBN :
978-1-4244-6834-8
DOI :
10.1109/ICISS.2010.5655016
