基于报文匹配与GRU-ATT模型的协议逆向分析方法
Protocol reverse analysis method based on message matching and GRU-ATT
付饶 1袁丁 1刘琦 1史晓桢 1李丹奇1
作者信息
- 1. 国网江苏省电力有限公司徐州供电分公司,徐州 221000
- 折叠
摘要
针对未知网络协议逆向分析中的报文分类问题,提出了一种基于报文交互匹配与GRU-ATT模型的未知网络协议逆向分析方法MemProRe,结合多序列比对和深度学习方法,采用基于注意力机制的CNN-GRU-Attention网络,在客户端与服务器端交互报文集合之间的一致性约束条件下,将双端报文分类的结果进行特征融合,从而实现未知网络协议的报文分类.实验结果表明,MemProRe方法能够有效解决报文分类的冗余问题,提升了报文分类的精确率约10%以上.
Abstract
Aiming at the problem of message classification in unknown network protocol reverse analysis,we pro-pose an unknown network protocol reverse analysis method based on message interaction matching and GRU-ATT model,named MemProRe.Coupled with multiple sequence alignment and deep learning methods,it adopts CNN-GRU-Attention network based on attention mechanism.Under the condition of consistency constraint of the interaction message set between the client and the server,the features of the double-end message classifica-tion results are fused to realize the message classification.The experimental results demonstrate that the MemPro-Re can effectively solve the problem of redundancy of message classification and improve the accuracy of message classification more than 10%.
关键词
协议逆向分析/多序列比对/报文交互匹配/门控循环单元/注意力机制Key words
protocol reverse analysis/multi sequence alignment/message end-to-end matching/gate recurrent unit/attention mechanism引用本文复制引用
出版年
2024
NETL
NSTL
万方数据