Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review
TY - GEN
T1 - Variable Length Field Detection Algorithm for Zero Knowledge Complex Network Traffic Analysis
AU - Sinadskiy, Alexey
AU - Domukhovskii, Nikolai
PY - 2023/5/15
Y1 - 2023/5/15
N2 - The article describes a method for restoring the structure of network traffic with zero prior knowledge. The importance of the problem being solved is explained (government authorities' requirements and recent incidents in the field of information security). A brief description of the existing approaches is given. The general architecture of the proposed method, based on the authors' previous research, is described [5]. Incoming packets are divided into groups according to the format of the transmitted data; for each group, a prediction is made of the presence of a field boundary at each offset inside the packet. Groups of packets with a prediction confidence value below the specified threshold are processed by a method for variable-length fields based on the ideas of genetic algorithms: mutations are selected iteratively for a set of proposed boundaries, a quality metric is calculated for each mutation, and the best mutations are carried over to the next step.
AB - The article describes a method for restoring the structure of network traffic with zero prior knowledge. The importance of the problem being solved is explained (government authorities' requirements and recent incidents in the field of information security). A brief description of the existing approaches is given. The general architecture of the proposed method, based on the authors' previous research, is described [5]. Incoming packets are divided into groups according to the format of the transmitted data; for each group, a prediction is made of the presence of a field boundary at each offset inside the packet. Groups of packets with a prediction confidence value below the specified threshold are processed by a method for variable-length fields based on the ideas of genetic algorithms: mutations are selected iteratively for a set of proposed boundaries, a quality metric is calculated for each mutation, and the best mutations are carried over to the next step.
UR - http://www.scopus.com/inward/record.url?partnerID=8YFLogxK&scp=85164976245
U2 - 10.1109/USBEREIT58508.2023.10158856
DO - 10.1109/USBEREIT58508.2023.10158856
M3 - Conference contribution
SP - 324
EP - 327
BT - Proceedings - 2023 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology, USBEREIT 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 IEEE Ural-Siberian Conference on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT)
Y2 - 15 May 2023 through 17 May 2023
ER -
ID: 41989256