检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]中国电子科技集团公司第三十研究所,四川成都610041
出 处:《通信技术》2017年第2期277-286,共10页Communications Technology
摘 要:未知协议消息序列的聚类分析是进行未知协议逆向分析的关键步骤。尽管过去有非常多的序列聚类研究工作,但由于缺少有效评估序列相似性的手段以及缺少对协议消息序列特征的考虑,导致协议消息序列聚类仍是一个困难的任务。因此,提出一种Seq Cluster新的序列聚类算法。Seq Cluster的关键点,在于其采用一种新颖的序列相似度计算方式来评估序列之间的相似性。该序列相似度计算方式能够更加准确地反应序列之间的相似程度。Seq Cluster序列聚类算法不仅可以被用于序列聚类,还可以被用于实现噪声序列过滤、自定义相似度序列集合筛选等功能。利用HTTP协议消息序列,展示该聚类算法的三种不同用法,并通过多种不同类型的协议消息序列,验证了该算法的有效性。Clustering analysis of undocumented protocol sequences is a key step in reverse analysis of undocumented protocols. However, due to the lack of effective means for assessing the sequence similarity andof consideration on characteristics of the protocol message sequence, the protocol message sequence clustering still remains a difficult task. For this reason, SeqCluster an algorithm for precisely clustering sequences according to their structure similarity is proposed. The key property of SeqCluster is that the novel computational method is used to measure structural similarity of the sequences. The structural similarity evaluation mechanism could more accurately reflect the degree of similarity of between the sequences. The proposed clustering algorithm could be used both for sequence clustering and for noise sequence filtering, custom similarity sequence screening, etc. By using the HTTP protocol message sequence, the three different uses of the clustering algorithm are revealed. In addition, the effectiveness of the proposed algorithm is verified via protocol message sequences of muhiple different types.
分 类 号:TP391[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.28
