• DocumentCode
    3389727
  • Title

    Automatic mining of distinguishers with unknown protocol format

  • Author

    Wang, Yipeng ; Wang, Liyan ; Li, Xingjian ; Zhang, Zhibin ; Guo, Li

  • Author_Institution
    Inst. of Comput. Technol., Chinese Acad. of Sci., Beijing, China
  • fYear
    2010
  • fDate
    22-24 Oct. 2010
  • Firstpage
    67
  • Lastpage
    70
  • Abstract
    Unknown protocol inference is useful for many security applications, including intrusion detection, which always depends on deep packet inspection. However, mining distinguishers with unknown protocol format generally turns to protocol reverse engineering. In this paper, we propose a novel method for automatically abstracting protocol distinguishers based on statistics, and our method is proved to be a good tool in finding protocol specifications. To implement and validate our method, we design a series of experiments. Then, applied to analysis of the indicators (recall is 99% while precision equals 99.9%), the method was proved highly efficient in the real-world environment.
  • Keywords
    data mining; multiprotocol label switching; reverse engineering; security of data; automatic protocol distinguisher abstracting; deep packet inspection; distinguisher mining; intrusion detection; protocol reverse engineering; security application; unknown protocol format; World Wide Web; automatic mining; protocol specification; statistic;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligent Computing and Integrated Systems (ICISS), 2010 International Conference on
  • Conference_Location
    Guilin
  • Print_ISBN
    978-1-4244-6834-8
  • Type

    conf

  • DOI
    10.1109/ICISS.2010.5655016
  • Filename
    5655016