Application Layer Protocol Identification Method Based on ResNet
Most network attacks occur at the application layer, where many application layer protocols exist. These protocols have different structures and functionalities, posing feature extraction challenges and resulting in low identification accuracy. This significantly affects application layer protocol r...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-01-01
|
| Series: | Algorithms |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1999-4893/18/1/52 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Most network attacks occur at the application layer, where many application layer protocols exist. These protocols have different structures and functionalities, posing feature extraction challenges and resulting in low identification accuracy. This significantly affects application layer protocol recognition, analysis, and detection. We propose a data protocol identification method based on a Residual Network (ResNet) to address this issue. The method involves the following steps: (1) utilizing a delimiter determination algorithm based on information entropy proposed in this paper to determine an optimal set of delimiters; (2) segmenting the original data using the optimal set of delimiters and constructing a feature data block frequency table based on the frequency of segmented data blocks; (3) employing a composite-feature-based RGB image generation algorithm proposed in this paper to generate feature images by combining feature data blocks and original data; and (4) training the ResNet model with the generated feature images to automatically learn protocol features and achieve classification recognition of application layer protocols. Experimental results demonstrate that this method achieves over 98% accuracy, precision, recall, and F1 score across these four metrics. |
|---|---|
| ISSN: | 1999-4893 |