Open Access Journal Article

Analyzing Network Protocols of Application Layer Using Hidden Semi-Markov Model

Jun Cai, +2 more - 18 Apr 2016 - Vol. 2016, pp 1-14
TLDR
This paper proposes a novel approach to determine the optimal length of protocol keywords and recover message formats of Internet protocols by maximizing the likelihood probability of message segmentation and keyword selection.
Abstract
With the rapid development of the Internet, especially the mobile Internet, new applications or network attacks have emerged at a high rate in recent years. More and more traffic becomes unknown due to the lack of protocol specifications for the newly emerging applications. Automatic protocol reverse engineering is a promising solution for understanding this unknown traffic and recovering its protocol specification. One challenge of protocol reverse engineering is to determine the length of protocol keywords and message fields. Existing algorithms are designed to select the longest substrings as protocol keywords, which is an empirical way to decide the length of protocol keywords. In this paper, we propose a novel approach to determine the optimal length of protocol keywords and recover message formats of Internet protocols by maximizing the likelihood probability of message segmentation and keyword selection. A hidden semi-Markov model is presented to model the protocol message format. An affinity propagation based clustering technique is introduced to determine the message type. The proposed method is applied to identify network traffic, and the results are compared with an existing algorithm.


Citations
Journal Article

A Systematic Review of Hidden Markov Models and Their Applications

TL;DR: The paper represents a short but comprehensive description of research on hidden Markov model and its variants for various applications and shows the significant trends in the research on hidden Markov model variants and their applications.
Journal Article

Survey of Protocol Reverse Engineering Algorithms: Decomposition of Tools for Static Traffic Analysis

TL;DR: This survey collects tools presented by prior research in the field of protocol reverse engineering by static traffic trace analysis and presents and discusses an explicit process model for static traffic traces analysis to reveal the common structure of the decomposed tools and frameworks.
Journal Article

A Survey of Automatic Protocol Reverse Engineering Approaches, Methods, and Tools on the Inputs and Outputs View

TL;DR: This paper reviews and analyzes a total of 39 approaches, methods, and tools towards Protocol Reverse Engineering (PRE) and classifies them into four divisions, approaches that reverse engineer protocol finite state machines, protocol formats, and both protocol infinite state machines and protocol formats to approaches that focus directly on neither reverse engineering protocol formats nor protocol finite state machines.
Journal Article

P-Gram: Positional N-Gram for the Clustering of Machine-Generated Messages

TL;DR: A new machine language processing (MLP) approach, specifically designed for identifying keywords in, and subsequently clustering, machine-generated messages, and an entropy-based positional weighting method is devised to measure the importance or weight of the positional keywords to each message.
Journal Article

Protocol Reverse-Engineering Methods and Tools: A Survey

TL;DR: A survey of protocol reverse-engineering methods and tools based on network trace (NetT) or execution trace (ExeT) according to features representation is presented in this paper.
References
Journal Article

A tutorial on hidden Markov models and selected applications in speech recognition

TL;DR: In this paper, the authors provide an overview of the basic theory of hidden Markov models (HMMs) as originated by L.E. Baum and T. Petrie (1966) and give practical details on methods of implementation of the theory along with a description of selected applications of HMMs to distinct problems in speech recognition.
Proceedings Article

Fast algorithms for mining association rules

TL;DR: Two new algorithms for solving this problem that are fundamentally different from the known algorithms are presented and empirical evaluation shows that these algorithms outperform the known algorithms by factors ranging from three for small problems to more than an order of magnitude for large problems.
Journal Article

Clustering by Passing Messages Between Data Points

TL;DR: A method called “affinity propagation,” which takes as input measures of similarity between pairs of data points, which found clusters with much lower error than other methods, and it did so in less than one-hundredth the amount of time.
Journal Article

The Viterbi algorithm

TL;DR: This paper gives a tutorial exposition of the Viterbi algorithm and of how it is implemented and analyzed, and increasing use of the algorithm in a widening variety of areas is foreseen.