关键词: 协议分类, 抗噪, 协议特征, 局部敏感哈希, 多分类, 网络协议

Abstract: Towards the protocol classification problem in unencrypted network environment, a feature construction method with antinoise capability is studied. Using the local sensitive hashing algorithm, the fragments of high frequency in protocol data are extracted, which can reflect the inherent characteristics of the protocol data. The inherent characteristics are less susceptible to the network transmission than the external features based on the protocol traffic statistics. The experimental results show that the accuracy of protocol classification can achieve over 80% by taking advantage of the proposed feature, while the classification performance of this feature is not influenced much in the noisy environment.

Key words: protocol classification, antinoise, protocol feature, locality sensitive hashing, multi-classification, network protocol