Abstract
Protocol reverse engineering can be used to extract the specification of an unknown protocol. However, there is no standardized method, and in most cases the extraction is performed manually or semi-automatically. Since only frequently seen values are extracted as fields from the messages of a protocol, it is difficult to understand the complete specification of the protocol. Therefore, if information about the structure of an unknown protocol could be acquired in advance, it would be easy to conduct reverse engineering. As such, one of the most important techniques for classifying unknown protocols is a feature extraction algorithm. In this paper, we propose a new feature extraction algorithm based on an average histogram for the classification of unknown protocols and design an unknown protocol classifier using deep belief networks, a deep learning algorithm. To verify the performance of the proposed system, we trained it using eight open protocols and evaluated its performance using unknown data. Experimental results show that the proposed technique gives significantly more reliable results, with about 99% classification performance, regardless of the strength of the modification of the protocol.
Cite this article
Jung, Y., Jeong, CM. Deep neural network-based automatic unknown protocol classification system using histogram feature. J Supercomput 76, 5425–5441 (2020). https://doi.org/10.1007/s11227-019-03108-w
DOI: https://doi.org/10.1007/s11227-019-03108-w