Formal Model and Algorithm for Zero Knowledge Complex Network Traffic Analysis


Detailed bibliography
Published in: 2022 Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT), pp. 298-301
Main authors: Sinadskiy, Alexey; Domukhovskii, Nikolai
Format: Conference paper
Language: English
Published: IEEE 19.09.2022
Description
Summary: The article discusses methods for determining the network traffic structure with zero prior knowledge. The developed method of detecting field boundaries in network traffic containing more than one protocol at the network level, without a priori information about such traffic structure, is described. The method consists of two parts: splitting network packets into groups, each of which has only one protocol at each network layer, and the search for field boundaries in each of these groups. It is proposed to divide traffic packets into clusters using a well-known method that calculates the distances between the data format in each packet. A refinement of the method, which allows the resource intensity to be reduced, is proposed in this work. The field boundary search method uses algorithms previously published by the authors, but differs in the use of additional statistical characteristics and the use of a machine learning model to search for characteristic figures of graphs of these characteristics. The article also describes the traffic on which the developed algorithms were tested.
DOI: 10.1109/USBEREIT56278.2022.9923357