Generating Statistic Application Signatures for Inference of Unknown Applications

Author

Jian-Zhen Luo ; Shun-Zheng Yu

Author_Institution

Sch. of Inf. Sci. & Technol., Sun Yat-Sen Univ., Guangzhou, China

fYear

2013

fDate

3-4 Dec. 2013

Firstpage

241

Lastpage

245

Abstract

In this paper, we propose a novel approach of protocol reverse engineering to extract protocol keywords of unknown application from raw network traffic data without a prior knowledge about the application based on compression theory, entropy and variance analysis. We also present an efficient method to generate statistic signature of unknown application leveraging machine learning and probabilistic models. The experiment results show that our approach extract protocol keywords of application in high accuracy, the false positive and false negative of application identification using our method are very low. Our technique can also discover new application in unknown traffic.

Keywords

cryptographic protocols; learning (artificial intelligence); probability; reverse engineering; telecommunication traffic; compression theory; entropy; false negative; false positive; machine learning; probabilistic model; protocol keywords; protocol reverse engineering; raw network traffic data; statistic application signatures; statistic signature; variance analysis; Data mining; Entropy; Internet; Probabilistic logic; Protocols; Reverse engineering; World Wide Web; Application Signature; Probabilistic Prefix Tree Acceptor; Protocol Keyword Extraction; Traffic Analysis; Unknown Application Inference;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligent Systems (GCIS), 2013 Fourth Global Congress on

Conference_Location

Hong Kong

Print_ISBN

978-1-4799-2885-9

Type

conf

DOI

10.1109/GCIS.2013.45

Filename

6805942