Unknown Binary Protocol Recognition Algorithm Based on One Class of Classification and One-Dimensional CNN

Abstract

In order to solve the problem that there are a large number of unknown protocols on the network, which affect the network management and network security in varying degrees, an unknown binary protocol identification method is proposed. On the premise that the center cluster of unknown protocols is obtained by the clustering algorithm, the unknown protocols for network traffic are identified by combining one-class of classification with one-dimensional CNN classification technology. At first, a class of classification algorithm is used to select the unknown protocols, and then, the labeled protocol data obtained by clustering are used to train the one-dimensional CNN model, and the classified binary protocol packets are directly used as the input of the one-dimensional convolution neural network. After the classification of the CNN model, the unknown protocols are finally identified. The experimental results show that the proposed classification and recognition method is better than the traditional CNN and SVM algorithms, and the maximum frequency pooling is better than the traditional pooling method.