76. Network Security Monitoring-Oriented Application-Level Protocol Identification Technology

Along with the development of the Internet and strengthening of network protocol, it becomes more and more difficult to monitor network. And some sensitive information have been leaked outside the application environment. Application protocol identification plays an important role in network security monitoring. With accurate application protocol identification, it can improve the accuracy and robustness of the Network Security Monitoring (NSM). A new method of application protocol identification based on classification and characteristic matching is proposed in this paper. According to the experiment, the method can enhance the accuracy of identification. In this paper, we outline the traditional methods of protocol identification, and then propose a layer protocol identification method based on classification and characteristics analysis, which is applied to NSM. The method classifies the identified data stream by coarseness to match the different characteristics, achieving the purpose of identifying more intrusion. Experimental results show that the method greatly improves the efficiency of protocol recognition.