A novel method for delimiting frames of unknown protocol

Abstract

Protocol reverse from network traces is widely used in the field of network security. But most of the studies focuse on application-level unknown protocols in Ethernet network system. However, in some special wireless systems, the protocol stack is proprietary. It is in urgent need to do the study on the unknown protocol stack. This paper proposed a new method to delimit frames in the bit stream which generated by signal process. By fully exploiting the characteristics of the wireless protocol data, two levels of frequent items mining are employed and a comprehensive index is applied to recognize the preamble. In the experiment, the method is indicated effective.