【摘要】：在現(xiàn)代網(wǎng)絡(luò)通信環(huán)境中,隨著無(wú)線網(wǎng)絡(luò)相關(guān)技術(shù)的迅速發(fā)展及其廣泛部署,無(wú)線網(wǎng)絡(luò)通信中安全性需求日益突顯。由于無(wú)線網(wǎng)絡(luò)傳輸介質(zhì)為無(wú)線波,而這種介質(zhì)在本質(zhì)上就是開(kāi)放的,這使得網(wǎng)絡(luò)中傳輸?shù)臄?shù)據(jù)很容易被截獲,同時(shí)數(shù)據(jù)竊密者也可以使用未知或非常規(guī)協(xié)議來(lái)傳輸數(shù)據(jù)以達(dá)到攻擊目的;在網(wǎng)絡(luò)對(duì)抗方面,監(jiān)聽(tīng)者在偵查截獲到對(duì)方傳輸?shù)奈锢硇盘?hào)后,由于未知協(xié)議及其格式而無(wú)法從比特流中準(zhǔn)確地切割幀并解析幀格式;同時(shí),無(wú)線環(huán)境下的比特流協(xié)議幀定位與特征分析也是對(duì)上層未知協(xié)議數(shù)據(jù)識(shí)別和分析的重要基礎(chǔ),然而現(xiàn)有的協(xié)議特征分析技術(shù)大多致力于上層協(xié)議格式解析,而由于監(jiān)聽(tīng)者無(wú)法直接獲取對(duì)方數(shù)據(jù)的協(xié)議格式,在比特流中進(jìn)行幀定位和特征分析成為進(jìn)一步解析上層數(shù)據(jù)的重要基礎(chǔ),同時(shí)也是一個(gè)難點(diǎn)問(wèn)題。本文在對(duì)國(guó)內(nèi)外幀定位技術(shù)和未知協(xié)議特征分析技術(shù)進(jìn)行了分析總結(jié)和對(duì)多模式匹配算法、關(guān)聯(lián)規(guī)則挖掘算法、聚類算法和序列比對(duì)算法等相關(guān)算法研究的基礎(chǔ)上,提出了無(wú)線網(wǎng)絡(luò)環(huán)境下比特流協(xié)議幀定位與特征分析算法,并通過(guò)采集真實(shí)環(huán)境中數(shù)據(jù)進(jìn)行了一系列驗(yàn)證實(shí)驗(yàn),本文主要完成了以下研究工作:1.針對(duì)國(guó)內(nèi)外現(xiàn)有的幀定位技術(shù)的局限性,本文提出了在沒(méi)有先驗(yàn)知識(shí)的情況下通過(guò)頻繁串提取和關(guān)聯(lián)規(guī)則拼接來(lái)識(shí)別幀同步碼從而實(shí)現(xiàn)幀定位的方法。該方法利用了改進(jìn)的AC算法來(lái)實(shí)現(xiàn)對(duì)所有長(zhǎng)度為m的模式串統(tǒng)計(jì);同時(shí),考慮到算法性能問(wèn)題,提出了采用關(guān)聯(lián)規(guī)則挖掘算法進(jìn)行頻繁串拼接進(jìn)而發(fā)現(xiàn)比特流中的同步序列;最后,提出利用計(jì)算漢明距離來(lái)檢測(cè)比特流數(shù)據(jù)中同步碼出現(xiàn)位置以實(shí)現(xiàn)幀定位。2.為了在完整切割后的幀集合中進(jìn)一步分析協(xié)議特征,本文提出了基于聚類算法和改進(jìn)的序列比對(duì)算法的特征分析技術(shù),利用聚類算法將切分后的幀按照協(xié)議格式來(lái)進(jìn)行聚類。同時(shí),本文提出采用改進(jìn)的多序列比對(duì)算法和序列相應(yīng)位的相似度閾值提取各個(gè)未知協(xié)議幀中相應(yīng)的協(xié)議特征序列來(lái)標(biāo)識(shí)不同的協(xié)議格式。3.為了驗(yàn)證本文提出算法的有效性和準(zhǔn)確性,采集了真實(shí)環(huán)境下的無(wú)線網(wǎng)絡(luò)通信數(shù)據(jù)來(lái)進(jìn)行了驗(yàn)證實(shí)驗(yàn),提出了篩選準(zhǔn)確率,數(shù)據(jù)識(shí)別率和誤識(shí)別率等指標(biāo),對(duì)實(shí)驗(yàn)結(jié)果進(jìn)行評(píng)價(jià)。并采用四種典型的聚類算法對(duì)不同幀格式數(shù)據(jù)進(jìn)行聚類,并對(duì)其性能從時(shí)間消耗、資源消耗和準(zhǔn)確率等方面進(jìn)行了比較,總結(jié)了四種算法的優(yōu)點(diǎn)和局限性以及在幀聚類方法中不同適用場(chǎng)景。
[Abstract]:In the modern network communication environment, with the rapid development of wireless network related technology and its extensive deployment, the security requirements in wireless network communication become increasingly prominent. Because the wireless network transmission medium is wireless wave, and this medium is essentially open, which makes it easy to intercept the data transmitted in the network. At the same time, the data stealer can also use unknown or unconventional protocols to transmit data for the purpose of attack. In network countermeasures, the listener detects the physical signals transmitted by the other party. Because of the unknown protocol and its format, the frame can not be accurately cut and analyzed from the bitstream. At the same time, the frame location and feature analysis of the bitstream protocol in wireless environment is also an important basis for the identification and analysis of the upper layer unknown protocol data. However, most of the existing protocol feature analysis techniques are devoted to the upper layer protocol format analysis, but because the listener can not directly obtain the protocol format of the other party's data, Frame location and feature analysis in bitstream is an important basis for further analysis of upper layer data, and it is also a difficult problem. Based on the analysis and summary of frame localization technology and unknown protocol feature analysis technology at home and abroad, and the research of multi-pattern matching algorithm, association rule mining algorithm, clustering algorithm and sequence alignment algorithm, etc. In this paper, a frame localization and feature analysis algorithm for bitstream protocol in wireless network environment is proposed, and a series of verification experiments are carried out by collecting real data. In this paper, the following research work is accomplished: 1. In view of the limitations of existing frame localization techniques at home and abroad, this paper proposes a method to identify frame synchronization codes by frequent string extraction and association rule stitching without prior knowledge. In this method, the improved AC algorithm is used to realize the statistics of all pattern strings whose length is m, meanwhile, considering the performance of the algorithm, an association rule mining algorithm is proposed for frequent string splicing to discover the synchronous sequences in the bitstream. Finally, it is proposed to use the hamming distance to detect the position of the synchronization code in the bitstream data to realize the frame location. In order to further analyze the protocol features in the complete cut frame set, this paper proposes a feature analysis technique based on clustering algorithm and an improved sequence alignment algorithm, which uses the clustering algorithm to cluster the segmented frames according to the protocol format. At the same time, an improved multi-sequence alignment algorithm and the similarity threshold of sequence bits are proposed to extract the corresponding protocol feature sequences from each unknown protocol frame to identify different protocol formats. In order to verify the validity and accuracy of the proposed algorithm, the wireless network communication data in real environment are collected to carry out the verification experiment, and the selection accuracy, data recognition rate and error recognition rate are proposed. The experimental results were evaluated. Four typical clustering algorithms are used to cluster data in different frame formats, and their performance is compared in terms of time consumption, resource consumption and accuracy. The advantages and limitations of the four algorithms and their application in frame clustering are summarized.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TN92

【參考文獻(xiàn)】

相關(guān)期刊論文 前5條

1 萬(wàn)國(guó)根;秦志光;;改進(jìn)的AC-BM字符串匹配算法[J];電子科技大學(xué)學(xué)報(bào);2006年04期

2 李偉明;張愛(ài)芳;劉建財(cái);李之棠;;網(wǎng)絡(luò)協(xié)議的自動(dòng)化模糊測(cè)試漏洞挖掘方法[J];計(jì)算機(jī)學(xué)報(bào);2011年02期

3 張紅云,劉向東,段曉東,苗奪謙,馬垣;數(shù)據(jù)挖掘中聚類算法比較研究[J];計(jì)算機(jī)應(yīng)用與軟件;2003年02期

4 張一嘉;;局域網(wǎng)鏈路層數(shù)據(jù)幀識(shí)別算法的設(shè)計(jì)與實(shí)現(xiàn)[J];通信對(duì)抗;2007年04期

5 孫超;;等幀長(zhǎng)信號(hào)幀長(zhǎng)度估計(jì)技術(shù)研究[J];無(wú)線電工程;2013年02期

相關(guān)碩士學(xué)位論文 前1條

1 李樹(shù)政;基于Snort系統(tǒng)快速模式匹配算法的研究[D];吉林大學(xué);2009年

，

本文編號(hào)：2120986