An unknown protocol syntax analysis method based on convolutional neural network

Abstract

AbstractIn recent years, a large number of botnets and dark networks rely on command and control channels of unknown protocol formats for communication, and with the development of Internet of Things technology, this problem becomes more prominent. The syntax analysis of the unknown protocol is helpful to measure the boundary of Botnet in the environment of Internet of things, so as to protect the network security. Based on the analysis of the characteristics of the current bitstream protocol data format, this article proposes an unknown protocol syntax analysis method based on convolutional neural network (CNN). First, the protocol data are preprocessed, and then the image is transformed. Next, the converted image is input to the convolution layer for convolution. After convolution, the data are flattened. Then the flattened data are put into the fully connected neural network. Finally, the unknown protocol is analyzed and predicted. The experimental results show that compared with the traditional feature extraction combine frequent item algorithm (CFI) and other neural network deep neural networks, CNN is 15% more accurate than CFI in the analysis of unknown protocol syntax, and it can accurately analyze and identify the unknown protocol.