基於訊息長度序列之網路流量辨識系統及其方法

Abstract

一種基於訊息長度序列之網路流量辨識系統，包括：預存對應各種網路應用程式之長度共用子序列集合的資料庫、用於收集網路流量的流量收集模組、將網路流量拆解成多條連線並產生對應每一連線之長度特徵序列的流量拆解模組、比對長度特徵序列與資料庫中各種網路應用程式之長度共用子序列集合的辨識模組、以及判定所偵測之連線為已知網路應用程式或未知網路應用程式的判定模組。透過本發明之萃取連線行為特徵作網路流量辨識，可解決現有加密通訊或刻意隱藏封包內容之應用程式的偵測問題。 Proposed is a traffic classification system based on message size sequence, comprising: a collection for common message size subsequence corresponding to a variety of network applications, a traffic collection module for collecting network traffic, a traffic decomposition module for decomposing the network traffic into multiple flows and producing a message size sequence corresponding to each flow, a flow classification module for comparing the message size sequence with the common message size subsequence collections of each network application in the database, and an arbitration module for determining the flow to be a known or an unknown network application. The present invention uses extraction of flow behavior characteristics for network traffic identification to resolve existing application packet detection issues about encrypted communication or deliberately hiding contents.