Mathematical Problems in Engineering
Volume 2015 (2015), Article ID 962974, 9 pages
http://dx.doi.org/10.1155/2015/962974
Research Article

Capturing Uncertainty Information and Categorical Characteristics for Network Payload Grouping in Protocol Reverse Engineering

1 School of Information Science and Technology, Sun Yat-Sen University, Guangzhou 510275, China
2 School of Electronic and Information, Guangdong Polytechnic Normal University, Guangzhou 510665, China

Received 21 January 2015; Revised 11 May 2015; Accepted 12 May 2015

Academic Editor: Filippo Ubertini

Copyright © 2015 Jian-Zhen Luo et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. W. Cui, J. Kannan, and H. J. Wang, “Discoverer: automatic protocol reverse engineering from network traces,” in Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 1–14, USENIX Association, Berkeley, Calif, USA, 2007.
  2. Z. Lin, X. Zhang, and D. Xu, “Reverse engineering input syntactic structure from program execution and its applications,” IEEE Transactions on Software Engineering, vol. 36, no. 5, pp. 688–703, 2010.
  3. J. Caballero and D. Song, “Automatic protocol reverse-engineering: message format extraction and field semantics inference,” Computer Networks, vol. 57, no. 2, pp. 451–474, 2013.
  4. J.-Z. Luo and S.-Z. Yu, “Position-based automatic reverse engineering of network protocols,” Journal of Network and Computer Applications, vol. 36, no. 3, pp. 1070–1077, 2013.
  5. H. C. Kim, Y. H. Choi, and D. H. Lee, “Efficient file fuzz testing using automated analysis of binary file format,” Journal of Systems Architecture, vol. 57, no. 3, pp. 259–268, 2011.
  6. C. Y. Cho, D. Babić, C. E. R. Shin, and D. Song, “Inference and analysis of formal models of botnet command and control protocols,” in Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS '10), pp. 426–439, October 2010.
  7. C. Leita, M. Dacier, and F. Massicotte, “Automatic handling of protocol dependencies and reaction to 0-day attacks with scriptgen based honeypots,” in Recent Advances in Intrusion Detection, D. Zamboni and C. Kruegel, Eds., vol. 4219 of Lecture Notes in Computer Science, pp. 185–205, Springer, Berlin, Germany, 2006.
  8. J. Erman, M. Arlitt, and A. Mahanti, “Traffic classification using clustering algorithms,” in Proceedings of the SIGCOMM Workshop on Mining Network Data (MineNet '06), pp. 281–286, ACM, New York, NY, USA, 2006.
  9. J. Erman, A. Mahanti, and M. Arlitt, “Internet traffic identification using machine learning techniques,” in Proceedings of the 49th IEEE Global Telecommunications Conference (GLOBECOM '06), pp. 1–6, IEEE, San Francisco, Calif, USA, December 2006.
  10. J. Erman, A. Mahanti, M. Arlitt, I. Cohen, and C. Williamson, “Semi-supervised network traffic classification,” in Proceedings of the ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS '07), pp. 369–370, ACM, New York, NY, USA, June 2007.
  11. L. Bernaille, R. Teixeira, I. Akodkenou, A. Soule, and K. Salamatian, “Traffic classification on the fly,” ACM SIGCOMM Computer Communication Review, vol. 36, no. 2, pp. 23–26, 2006.
  12. L. Bernaille and R. Teixeira, “Early recognition of encrypted applications,” in Passive and Active Network Measurement, S. Uhlig, K. Papagiannaki, and O. Bonaventure, Eds., vol. 4427 of Lecture Notes in Computer Science, pp. 165–175, Springer, Berlin, Germany, 2007.
  13. M. Halkidi, Y. Batistakis, and M. Vazirgiannis, “On clustering validation techniques,” Journal of Intelligent Information Systems, vol. 17, no. 2-3, pp. 107–145, 2001.
  14. Z. Pawlak, “Rough classification,” International Journal of Man-Machine Studies, vol. 20, no. 5, pp. 469–483, 1984.
  15. Z. Pawlak, “Rough sets,” International Journal of Computer and Information Sciences, vol. 11, no. 5, pp. 341–356, 1982.
  16. B. Walczak and D. L. Massart, “Rough sets theory,” Chemometrics and Intelligent Laboratory Systems, vol. 47, no. 1, pp. 1–16, 1999.
  17. D. Parmar, T. Wu, and J. Blackhurst, “MMR: an algorithm for clustering categorical data using Rough Set Theory,” Data and Knowledge Engineering, vol. 63, no. 3, pp. 877–891, 2007.
  18. IANA, Internet Assigned Numbers Authority (IANA), 2012, http://www.iana.org/assignments/port-numbers.
  19. A. N. Mahmood, C. Leckie, and P. Udaya, “An efficient clustering scheme to exploit hierarchical data in network traffic analysis,” IEEE Transactions on Knowledge and Data Engineering, vol. 20, no. 6, pp. 752–767, 2008.
  20. P. Lingras and G. Peters, “Applying rough set concepts to clustering,” in Rough Sets: Selected Methods and Applications in Management and Engineering, Advanced Information and Knowledge Processing, pp. 23–37, Springer, London, UK, 2012.
  21. L. J. Mazlack, A. He, and Y. Zhu, “A rough set approach in choosing partitioning attributes,” in Proceedings of the 13th ISCA International Conference (CAINE '00), pp. 1–6, New Orleans, La, USA, March 2000.
  22. Y. Wang, Y. Xiang, and S.-Z. Yu, “Automatic application signature construction from unknown traffic,” in Proceedings of the 24th IEEE International Conference on Advanced Information Networking and Applications (AINA '10), pp. 1115–1120, April 2010.
  23. Y. Wang, Y. Xiang, and S.-Z. Yu, “An automatic application signature construction system for unknown traffic,” Concurrency Computation Practice and Experience, vol. 22, no. 13, pp. 1927–1944, 2010.
  24. O. Georgieva, K. Tschumitschew, and F. Klawonn, “Cluster validity measures based on the minimum description length principle,” in Knowledge-Based and Intelligent Information and Engineering Systems, vol. 6881 of Lecture Notes in Computer Science, pp. 82–89, Springer, Berlin, Germany, 2011.
  25. J. Rissanen, “Modeling by shortest data description,” Automatica, vol. 14, no. 5, pp. 465–471, 1978.
  26. J. Rissanen, “Universal coding, information, prediction, and estimation,” IEEE Transactions on Information Theory, vol. 30, no. 4, pp. 629–636, 1984.
  27. A. W. Moore and K. Papagiannaki, “Toward the accurate identification of network applications,” in Proceedings of the 6th International Conference on Passive and Active Network Measurement (PAM '05), pp. 41–54, 2005.
  28. M. Ye, K. Xu, J. Wu, and H. Po, “Autosig-automatically generating signatures for applications,” in Proceedings of the 9th IEEE International Conference on Computer and Information Technology (CIT '09), vol. 2, pp. 104–109, Xiamen, China, October 2009.
  29. P. Haffner, S. Sen, O. Spatscheck, and D. Wang, “ACAS: automated construction of application signatures,” in Proceedings of the ACM SIGCOMM 1st Workshop on Mining Network Data (MineNet '05), pp. 197–202, ACM, August 2005.
  30. B.-C. Park, Y. J. Won, M.-S. Kim, and J. W. Hong, “Towards automated application signature generation for traffic identification,” in Proceedings of the IEEE/IFIP Network Operations and Management Symposium: Pervasive Management for Ubiquitous Networks and Services (NOMS '08), pp. 160–167, April 2008.