计算机工程与应用 ›› 2006, Vol. 42 ›› Issue (24): 16-.

• 博士论坛 • 上一篇    下一篇

基于特征串的应用层协议识别

陈亮、龚俭、徐选

  

  1. 南京市东南大学计算机系网络中心
  • 收稿日期:2006-05-23 修回日期:1900-01-01 出版日期:2006-08-21 发布日期:2006-08-21
  • 通讯作者: 陈亮 lchen

Identification of Application-Level Protocols Using Characteristic

Liang Chen,Jian Gong,Xuan Xu   

  1. 南京市东南大学计算机系网络中心
  • Received:2006-05-23 Revised:1900-01-01 Online:2006-08-21 Published:2006-08-21
  • Contact: Liang Chen

摘要: 随着各种P2P协议的广泛应用以及逃避防火墙检测的需要,传统的基于常用端口识别应用层协议的方法已经出现问题。本文通过分析可用的文档和实际报文TRACE,分别为七种应用层协议找出其实际交互过程中必须出现且出现频率最高的固定字段,并将这些固定字段作为协议的特征串来识别这七种协议。实验结果表明,相较于端口方法,使用特征串方法识别这七种应用层协议具有更高的准确性,并且时间消耗的增长不会超过2%。

关键词: 网络流量, 应用层协议识别, 特征串

Abstract: Along with the emergence of many P2P protocols and the need of circumventing firewalls, traditional methods of application-level protocol identification such as using default server port become more and more inaccurate. The characteristic for each of seven application-level protocols is defined by analyzing some available documentations and packet-level traces in this paper. The characteristic of a protocol is a necessary part of actual communication, and it is more frequent to be used than any other necessary parts. These characteristics then are utilized to identify the seven protocols. The measurements show that the approach has higher accuracy than traditional port-based approach, and the time consumption increment do not exceed 2%.

Key words: network traffic, application-level protocol identification, characteristic string