即时通讯流量检测与分析
|
摘要
本文从数据包数量受限条件下的流量检测和基于Petri网的协议分析两个方面进行即时通讯流量的研究。通过互信息分析对比不同即时通讯流量数据包数为流量分类提供的信息量差别,利用统计学检验方法以及基于混淆矩阵的分类性能评价方法对机器学习分类器在不同包数下对即时通讯流量的分类的情况进行分析,得到各种机器学习分类器达到最佳分类状态时用于检测的包数量。基于Petri网对协议形式化的描述,将协议受到的攻击行为转化为网中插入的新元素,利用矩阵的运算完成协议攻击成功的可能性分析,使得协议安全性的分析有了形式化的方法,避免了人工分析的不确定性和局限性。本文设计并实现了一个即时通讯流量检测分析系统,通过数据包数选取、机器学习分类以及Petri网分析,实现包数受限下的即时通讯软件协议数据流识别分类及通讯的消息分析还原。
This paper studies the instant messenger traffic flowfrom two aspects: traffic detection under the condition of limited number of packets and protocol analysis based on Petri nets. Through mutual information analysis,the paper compares the amount of information provided by different packet numbers for traffic classification. Statistical test and performance evaluation based on confusion matrix are used to analyze the result of the classification for getting the best packet number for machine learning classifier.By using formal description of protocol based on Petri network,the paper transforms the attack behavior of the protocol into newelements inserted in the network to analyze the possibility of successful protocol attack by matrix operation. Therefore,this paper designs and implements an instant messenger traffic detection and analysis system,using selection of packet number,machine learning and Petri analysis for instant messenger flowclassification and message restore.
This paper studies the instant messenger traffic flowfrom two aspects: traffic detection under the condition of limited number of packets and protocol analysis based on Petri nets. Through mutual information analysis,the paper compares the amount of information provided by different packet numbers for traffic classification. Statistical test and performance evaluation based on confusion matrix are used to analyze the result of the classification for getting the best packet number for machine learning classifier.By using formal description of protocol based on Petri network,the paper transforms the attack behavior of the protocol into newelements inserted in the network to analyze the possibility of successful protocol attack by matrix operation. Therefore,this paper designs and implements an instant messenger traffic detection and analysis system,using selection of packet number,machine learning and Petri analysis for instant messenger flowclassification and message restore.
引文
[1]杨创华.对即时通讯软件业的现状和发展探究[J].科研,2016(4):00307.
[2]苏日娜. WEB2.0背景下政府对微博客舆论的应对与应用策略研究[D].呼和浩特:内蒙古大学,2011.
[3]彭建芬,周亚建,王枞,等. TCP流量早期识别方法[J].应用科学学报,2011,29(1):73-77.
[4]周荫清.信息理论基础[M]. 4版.北京:北京航空航天大学出版社,2012.
[5] GAIKWAD D P,THOOL R C. Intrusion detection system using bagging ensemble method of machine learning[C]//International Conference on Computing Communication Control and Automation. Pune,India:IEEE,2015:291-295.
[6]ZHU Ji,ROSSET S,ZOU Hui,et al. Multi-class AdaBoost[J].Statistics&Its Interface,2009,2(3):349-360.
[7]郭山清,高丛,姚建,等.基于改进的随机森林算法的入侵检测模型(英文)[J].软件学报,2005,16(8):1490-1498.
[8]CHEUNG T Y. Petri nets for protocol engineering[J]. Computer Communications,1996,19(14):1250-1257.
[9]刘进锋,郭雷. CPU与GPU上几种矩阵乘法的比较与分析[J].计算机工程与应用,2011,47(19):9-11,23.
[2]苏日娜. WEB2.0背景下政府对微博客舆论的应对与应用策略研究[D].呼和浩特:内蒙古大学,2011.
[3]彭建芬,周亚建,王枞,等. TCP流量早期识别方法[J].应用科学学报,2011,29(1):73-77.
[4]周荫清.信息理论基础[M]. 4版.北京:北京航空航天大学出版社,2012.
[5] GAIKWAD D P,THOOL R C. Intrusion detection system using bagging ensemble method of machine learning[C]//International Conference on Computing Communication Control and Automation. Pune,India:IEEE,2015:291-295.
[6]ZHU Ji,ROSSET S,ZOU Hui,et al. Multi-class AdaBoost[J].Statistics&Its Interface,2009,2(3):349-360.
[7]郭山清,高丛,姚建,等.基于改进的随机森林算法的入侵检测模型(英文)[J].软件学报,2005,16(8):1490-1498.
[8]CHEUNG T Y. Petri nets for protocol engineering[J]. Computer Communications,1996,19(14):1250-1257.
[9]刘进锋,郭雷. CPU与GPU上几种矩阵乘法的比较与分析[J].计算机工程与应用,2011,47(19):9-11,23.