Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review
TY - GEN
T1 - Using of NLP Methods to Separate Traffic Packets of Different Protocols
AU - Rusinova, Zalina
AU - Chernyshov, Yury
PY - 2023/5/15
Y1 - 2023/5/15
N2 - Trace analysis is a protocol reverse engineering technique that aims to determine the behavior of unknown network protocols by examining network messages. One of the possible steps in the trace analysis may be to divide the traffic dump into separate groups in accordance with the protocol stacks of the packets. In this article, we propose an unsupervised learning method in which we use NLP approaches to get package embeddings and then divide them into groups using clustering. This method can be applied to raw packet data and does not require any domain knowledge to extract the relevant features. The results show that the obtained embeddings successfully capture the semantic information underlying the protocols and allow us to divide the traffic dump into clusters containing packets with the same protocol stack. The developed method of grouping network packets makes it possible to increase the efficiency of the network packet analysis process by jointly analyzing packets belonging to the same unknown protocol.
UR - http://www.scopus.com/inward/record.url?partnerID=8YFLogxK&scp=85164937218
U2 - 10.1109/USBEREIT58508.2023.10158858
DO - 10.1109/USBEREIT58508.2023.10158858
M3 - Conference contribution
SP - 344
EP - 347
BT - Proceedings - 2023 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology, USBEREIT 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)
Y2 - 15 May 2023 through 17 May 2023
ER -
ID: 41986195