信息网络安全

信息网络安全 ›› 2015, Vol. 15 ›› Issue (7): 26-31.doi: 10.3969/j.issn.1671-1122.2015.07.005

• • 上一篇    下一篇

一种基于特征字的FTP协议识别方法研究

王景中, 王伟萌()   

  1. 北方工业大学电子信息工程学院,北京 100144
  • 收稿日期:2015-06-04 出版日期:2015-07-01 发布日期:2015-07-28
  • 作者简介:

    作者简介: 王景中(1962-),男,内蒙古,教授,硕士,主要研究方向:信息安全;王伟萌(1990-),男,北京,硕士研究生,主要研究方向:信息安全。

  • 基金资助:
    国家自然科学基金[61371142];北京市创新团队建设提升计划[HT20130502];北京市属高等学校人才强教计划资助项目[PHR2012]

Research on FTP Protocol Identification Method Based on Tagged Word

Jing-zhong WANG, Wei-meng WANG()   

  1. College of Information and Electrical Engineering, North China University of Technology, Beijing 100144, China
  • Received:2015-06-04 Online:2015-07-01 Published:2015-07-28

RichHTML

5

PDF (PC)

198

摘要:

互联网的普及与发展,带动了互联网宽带业务的发展,同时把网络监管技术推向业界人士关注的视野中。网络监管部门和网络服务提供商需要通过网络监管技术来准确了解日趋复杂庞大的互联网流量。随着互联网技术的发展,一些传统网络监管技术逐渐失去原有作用。其中,现有网络FTP业务采用传统端口识别技术已经无法准确有效地判别出FTP协议。文章提出一种基于特征字的FTP协议识别方法,用以识别流经现有网络的FTP数据包,并准确检测出FTP协议。文章同时提出一种结合FTP协议默认端口识别与FTP协议特征字识别的方案,联合两种识别方法检测FTP流量。相比采用单一FTP协议默认端口识别方法,在不影响识别效率的情况下,联合识别方法提高了FTP协议识别准确性;相比采用单一FTP协议特征字识别方法,在不影响识别准确性的情况下,联合识别方法提高了识别效率。文章最后提出一种自动提取FTP特征的方法,用于对FTP协议自动进行分类。

关键词: FTP协议, 协议识别, 特征字检测, 协议自动分类

Abstract:

The development and popularization of the Internet lead to the development of the Internet broadband business, pushing the network supervision technology to the field of vision of people. Internet regulators and network service providers need to accurately understand the increasingly complicated Internet traffic through the network supervision technology. But, with the development of network technology, some traditional network supervision technologies gradually lose their original functions. Among them, traditional FTP port identification technology has been unable to identify the FTP protocol accurately. This paper proposes a FTP protocol identification method based on tagged word, in order to identify FTP data packets transferring on the existing network, and accurately detect the FTP protocol. This paper also puts forward a scheme, which combines with the FTP protocol port identification and FTP protocol tagged word identification. Compared with single FTP protocol port identification method, with no effect on identification efficiency, the scheme can improve the FTP protocol identification accuracy. Compared with single FTP protocol tagged word identification method, with no effect on identification accuracy, the scheme can improve the FTP protocol identification efficiency. In the end, this paper proposes an automatic extraction method of FTP features, which could classify the FTP protocols automatically.

Key words: FTP Protocol, protocols identification, tagged word detection, protocols automatic classification

中图分类号: