The Application Layer Protocol Identification Method Based on Semisupervised Learning

Abstract

Application layer protocol identification problem is the premise and foundation of network security monitoring, intrusion detection and other network control system. With the gradual development of network applications, new application layer protocol will produce, therefore bringing the difficulty to identify and update protocols. Although current supervised-based learning method can overcome low accuracy and high time complexity issue of traditional method, yet it is limited by the number of labeled data and also cannot adapt to the rapid updating of the application layer protocols, and it is restricted in further promotion. Accordingly, we propose a semi-supervised learning method to solve the above two issues. Firstly, we adopt Affinity Propagation (AP)clustering algorithm to cluster the mixed data which contains a small labeled data and large unlabeled data. Secondly, we use the labeled data to map the clustering result to specific network application. Evaluation shows that the proposed method is effective in both specific network applications and new protocol identification.