计算机工程与应用 ›› 2010, Vol. 46 ›› Issue (18): 103-106.DOI: 10.3778/j.issn.1002-8331.2010.18.033

• 网络、通信、安全 • 上一篇    下一篇

基于正则表达式的动态应用层协议识别方案

王 杰,石成辉   

  1. 郑州大学 电气工程学院,郑州 450001
  • 收稿日期:2008-12-11 修回日期:2009-02-26 出版日期:2010-06-21 发布日期:2010-06-21
  • 通讯作者: 王 杰

Dynamic application layer protocol identification program based on regular expressions

WANG Jie,SHI Cheng-hui   

  1. College of Electrical Engineering,Zhengzhou University,Zhengzhou 450001,China
  • Received:2008-12-11 Revised:2009-02-26 Online:2010-06-21 Published:2010-06-21
  • Contact: WANG Jie

摘要: 传统依赖于端口号的应用层协议识别方法对大量具有随机端口的应用不再适用,设计一种基于正则表达式的动态应用层协议识别方案。在深入分析DFA状态数对算法性能影响的基础上,提出了构造最优DFA状态数的算法,该算法保证在任意有限的系统资源下具有最小的时间复杂度和空间复杂度,并且将报文匹配方式和One-Pass扫描算法相结合进行测试。实验表明此方案具有较低的资源消耗率,较高识别效率和识别精度。

关键词: 协议识别, 正则表达式, 最优DFA状态数, One-Pass扫描算法

Abstract: Traditional methods of application-layer protocol identification such as using default server port are no longer applicable to a large number of random ports application.A dynamic application-layer protocol identification based on regular expression is designed.Through analyzing the impact of number of DFA states to the algorithm performance,a DFA state number optimization algorithm is proposed.This algorithm has the little time complexity and space complexity under the limited system resource.And then packet matching patterns are tested with One-Pass scanning algorithm.Experimental results show that this program has a lower rate of resource consumption,higher efficiency of the identification and recognition accuracy.

Key words: protocol identification, regular expression, DFA state number optimization, One-Pass scanning algorithm

中图分类号: