
Unknown Bit Stream Protocol Message Discovery with Zero Knowledge

  • Conference paper
  • Algorithms and Architectures for Parallel Processing (ICA3PP 2015)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9532)

Abstract

Unknown protocol discovery is of great significance for network management. However, discovering an unknown bit stream protocol with zero knowledge is very difficult. This paper proposes an unsupervised method that automatically extracts protocol features and discovers protocols with zero knowledge. The method discovers protocols from frequent sequences and their positions using clustering, and detects address fields from the similarity of the unit sets observed at different positions. The experimental results show that the method discovers unknown bit stream protocols with high precision and recall using the fewest features for the given target protocol messages, such as ICMP and ARP. The detected address fields are also highly accurate.
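The pipeline the abstract outlines, as an added illustration in Python that is not the authors' implementation: messages are treated as raw byte streams with no protocol knowledge, clustered on the (position, byte) units that recur with high support, and each cluster is then scanned for address fields by comparing the set of byte values seen at one position with the sets seen at the other positions. The two toy protocols, the sample traffic, the support and similarity thresholds and every function name are constructed assumptions; the ARP and ICMP messages the paper evaluates on are not reproduced here.

```python
"""Added illustration of zero-knowledge protocol discovery over raw byte
streams (constructed example, not the paper's implementation): cluster
messages on position-wise frequent units, then detect address fields from
the similarity of the unit sets seen at different positions."""
from collections import Counter
from itertools import combinations

# Constructed sample traffic (not a real capture). Toy protocol A: 2-byte
# magic, 1-byte type, 1-byte length, 4-byte src, 4-byte dst. Toy protocol B:
# 2-byte header, 4-byte src, 4-byte dst. Every host shows up both as a
# source and as a destination, as it would on a real LAN segment.
HOSTS_A = [bytes([10, 20 + h, 30 + 2 * h, 40 + 3 * h]) for h in range(1, 5)]
HOSTS_B = [bytes([172, 16, 10 * h, 100 + h]) for h in range(1, 4)]
MESSAGES = (
    [b"\xca\xfe" + bytes([t, 12]) + s + d
     for t in (1, 2) for s in HOSTS_A for d in HOSTS_A if s != d]
    + [b"\x7b\x01" + s + d for s in HOSTS_B for d in HOSTS_B if s != d]
)


def frequent_units(msgs, min_support):
    """(position, byte) units present in at least min_support of msgs."""
    counts = Counter((p, b) for m in msgs for p, b in enumerate(m))
    need = min_support * len(msgs)
    return {unit for unit, n in counts.items() if n >= need}


def matches(msg, sig):
    return all(len(msg) > p and msg[p] == b for p, b in sig)


def discover(msgs, min_support=0.9, min_cluster=4):
    """Greedy unsupervised clustering with no protocol knowledge: seed on
    the single most frequent (position, byte) unit, grow the seed into a
    full positional signature, peel off the messages matching it, repeat.
    Returns ([(signature, cluster), ...], unclustered_messages)."""
    remaining = list(msgs)
    clusters = []
    while len(remaining) >= min_cluster:
        counts = Counter((p, b) for m in remaining for p, b in enumerate(m))
        seed, n = counts.most_common(1)[0]
        if n < min_cluster:
            break
        seed_msgs = [m for m in remaining if matches(m, {seed})]
        sig = frequent_units(seed_msgs, min_support)
        cluster = [m for m in remaining if matches(m, sig)]
        clusters.append((tuple(sorted(sig)), cluster))
        remaining = [m for m in remaining if not matches(m, sig)]
    return clusters, remaining


def jaccard(a, b):
    return len(a & b) / len(a | b)


def address_fields(msgs, min_units=3, min_jaccard=0.8):
    """Within one cluster, a position whose unit set is large (so not a
    constant or a flag) and nearly identical to the unit set at another
    position is taken to carry the same kind of address. Consecutive such
    positions at one fixed offset are merged into a pair of byte ranges
    ((start, end), (start, end)), end exclusive."""
    length = min(len(m) for m in msgs)
    units = [{m[p] for m in msgs} for p in range(length)]
    by_offset = {}
    for i, j in combinations(range(length), 2):
        if (len(units[i]) >= min_units and len(units[j]) >= min_units
                and jaccard(units[i], units[j]) >= min_jaccard):
            by_offset.setdefault(j - i, []).append(i)
    fields = []
    for d, starts in sorted(by_offset.items()):
        starts.sort()
        start = starts[0]
        for k, i in enumerate(starts):
            if k + 1 == len(starts) or starts[k + 1] != i + 1:
                fields.append(((start, i + 1), (start + d, i + 1 + d)))
                if k + 1 < len(starts):
                    start = starts[k + 1]
    return fields


if __name__ == "__main__":
    clusters, leftover = discover(MESSAGES)
    for sig, cluster in clusters:
        print(f"{len(cluster):3d} msgs, signature",
              " ".join(f"{p}:{b:02x}" for p, b in sig))
        for src, dst in address_fields(cluster):
            print(f"    address fields at bytes {src} and {dst}")
    print(len(leftover), "messages unclustered")
```

The address heuristic rests on the same observation the abstract relies on: on a segment where hosts both send and receive, the source and destination positions draw from the same pool of values, so their unit sets are nearly identical, while magic bytes, lengths and type codes are either constant or have only a few units. Two caveats matter in practice: an octet that is constant across the capture (the leading 10 and 172 above, as in a single-subnet trace) is absorbed into the protocol signature rather than the address field, so the recovered field can be narrower than the real one; and the support threshold sets how a varying type byte is handled, since at 0.9 it is left out of the signature, which is what keeps the two message types of protocol A in one cluster.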



Acknowledgment

This work is supported by National Natural Science Foundation of China (Grant No. U1230106; 61472064), Science and Technology Development Foundation of Chinese Academy of Engineering Physics (2012A0403021), Technology projects in Sichuan Province (2014GZ0109, 2015KZ002, 2015JY0178).

Corresponding author

Correspondence to Junjiao Zhang.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Zhang, F., Zhang, J., Zhou, H. (2015). Unknown Bit Stream Protocol Message Discovery with Zero Knowledge. In: Wang, G., Zomaya, A., Martinez, G., Li, K. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2015. Lecture Notes in Computer Science, vol 9532. Springer, Cham. https://doi.org/10.1007/978-3-319-27161-3_73


  • DOI: https://doi.org/10.1007/978-3-319-27161-3_73

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27160-6

  • Online ISBN: 978-3-319-27161-3
