CN-122001963-A - Network protocol collaborative combination analysis method based on tree-shaped hierarchical structure

Abstract

The invention relates to the technical field of protocol analysis, in particular to a network protocol collaborative combination analysis method based on a tree-shaped layered structure, which comprises the following steps of obtaining different network protocol analysis requirements, training a basic network protocol analysis model and a coarse granularity model, obtaining a hierarchical structure through analyzing the coarse granularity of application requirements, constructing the tree-shaped layered structure through identifying and combining network protocol analysis models of the same hierarchy, extracting a model identification result and an operation relation in the tree-shaped layered structure, designing a two-dimensional mapping table, guiding input flow through the two-dimensional mapping table, analyzing the tree-shaped structure layer by layer, positioning the next step through each operation result until the requirements are met, and obtaining a high-efficiency collaborative analysis flow. The invention solves the problems of high model training difficulty, high resource consumption and accumulated error along with layer propagation when a single network protocol analysis algorithm faces to the requirement of multi-granularity and multi-layer hybrid application.

Inventors

• Request for anonymity

Assignees

• 上海飞旗网络技术股份有限公司

Dates

Publication Date

20260508

Application Date

20251229

Claims (9)

1. 1. The network protocol cooperative combination analysis method based on the tree-shaped layered structure is characterized by comprising the following steps of: different network protocol analysis requirements are obtained, a basic network protocol analysis model and a coarse-grained model are trained, each model is ensured to meet specific identification requirements, and a high-precision basic model library is obtained through verification and optimization; The method comprises the steps that through analyzing the granularity of application requirements, a basic model is organized according to layers, an upper model is responsible for coarse classification, a lower model is responsible for fine classification, and useless data is filtered through layers to obtain a layer structure model; The recognition deviation of the model in the hierarchical structure is quantized through error analysis, parameters are adjusted, data are added to reduce error propagation, the high recall rate of the upper model is ensured through optimization, and the hierarchical structure with optimized error is obtained; Acquiring a hierarchical structure, constructing a tree-shaped hierarchical structure by identifying and combining network protocol analysis models of the same hierarchy, and obtaining a tree-shaped hierarchical analysis framework by representing the model by nodes and representing the data stream by edges; extracting a model identification result and an operation relation in a tree-shaped layered architecture, designing a two-dimensional mapping table, and rapidly positioning the next operation through the encoding of the abscissa and the ordinate to obtain the mapping table and the encoding rule; And guiding the input flow through a two-dimensional mapping table, analyzing the input flow layer by layer according to a tree structure, and positioning the next step through each operation result until the requirements are met, so as to obtain a high-efficiency collaborative analysis flow.
2. 2. The network protocol collaborative combination analysis method based on the tree hierarchical structure according to claim 1, wherein the obtaining of different network protocol analysis requirements, training of a basic network protocol analysis model and a coarse-grained model, ensuring that each model meets specific identification requirements, and obtaining a high-precision basic model library through verification and optimization, comprises the following steps: Training a basic network protocol analysis model by adopting deep learning and spanning tree algorithm according to different network protocol analysis requirements, and constructing a model for classifying large network protocol traffic for coarse-granularity recognition tasks; Model verification is carried out through a large-scale data set, identification accuracy and recall rate indexes are extracted, and model performance is evaluated; And (3) carrying out parameter adjustment and data enhancement optimization on the model which does not reach the standard, and integrating the high-precision model which meets the specific identification requirement and has stable performance through iterative training to obtain a basic model library covering the multi-granularity requirement.
3. 3. The network protocol collaborative combination analysis method based on a tree hierarchical structure according to claim 1, wherein the basic model is organized according to a hierarchy by analyzing the granularity of application demands, the upper model is responsible for coarse classification, the lower model is responsible for fine classification, and the garbage data is filtered through the hierarchy to obtain a hierarchical structure model, comprising the following steps: according to the granularity of the application demands, deep analyzing the characteristics of the granularity of the application demands, classifying and organizing the basic model according to the granularity level of the identification task, and constructing a level frame; the hierarchical framework comprises an upper model and a lower model, wherein the upper model adopts wide features to carry out rapid rough classification, effectively filters irrelevant data flow and reduces lower processing burden; aiming at the upper layer output result, the lower layer model uses fine characteristics to carry out deep fine classification, and the upper layer model and the lower layer model are connected in series according to a logic relationship through layer-by-layer data filtering and task decomposition, so that a hierarchical structure model system with high-efficiency filtering capability and accurate recognition performance is obtained.
4. 4. The network protocol collaborative combination analysis method based on a tree hierarchy according to claim 1, wherein the method comprises the steps of quantifying the recognition deviation of a model in the hierarchy by error analysis, adjusting parameters, adding data to reduce error propagation, and ensuring high recall rate of an upper model by optimization to obtain an error optimized hierarchy, and comprises the following steps: Carrying out error analysis on each model identification result in the hierarchical structure by adopting a confusion matrix, and quantifying the misjudgment quantity and proportion of positive and negative samples; positioning error accumulation key nodes by extracting error propagation paths, and aiming at error sources, adjusting model parameters such as learning rate and iteration times, and supplementing a targeted data enhancement training set; And optimizing an upper model, improving the capturing capability of the upper model to the target flow, ensuring high recall rate to reduce error transfer to a lower layer, and reserving a structure with obviously reduced error and stable hierarchy cooperative performance through multiple rounds of iterative optimization to obtain a hierarchy structure with enhanced error control capability.
5. 5. The network protocol collaborative combination analysis method based on a tree hierarchical structure according to claim 1, wherein the obtaining the hierarchical structure constructs the tree hierarchical structure by identifying and merging network protocol analysis models of the same hierarchy, and represents a data stream by nodes and edges to obtain a tree hierarchical analysis architecture, and the method comprises the following steps: acquiring the hierarchical structure, and identifying network protocol analysis models with repeated functions in different hierarchies by adopting a model similarity analysis technology; combining and optimizing equivalent models of the same level through parameter comparison and performance evaluation, constructing a tree structure by adopting a graph theory method, abstracting each model into nodes, and abstracting data input-output relations among the models into directed edges; And ensuring unidirectional transmission of the data stream through topological sequencing to obtain a tree-shaped hierarchical analysis framework with clear hierarchy.
6. 6. The network protocol collaborative combination analysis method based on a tree-shaped layered structure according to claim 1, wherein the method is characterized in that the method extracts the model identification result and the operation relation in the tree-shaped layered structure, designs a two-dimensional mapping table, and rapidly locates the next operation through the abscissa encoding to obtain the mapping table and the encoding rule, and comprises the following steps: Extracting an identification result and a subsequent operation requirement of model output in a tree-shaped layered architecture, and establishing a mapping relation by adopting a two-dimensional table form; Arranging model results from bottom to top according to tree levels through longitudinal codes, and sorting operation instructions according to application requirements and model number priorities through transverse codes; mapping the model output label to an ordinate and the operation type to an abscissa to form a two-dimensional mapping table containing coordinate positioning and operation guidance; and (3) realizing the rapid matching of the model result and the operation path through a preset coding rule, and obtaining a standardized mapping table and a high-efficiency coding scheme supporting multi-level collaborative recognition.
7. 7. The network protocol collaborative combination analysis method based on a tree hierarchical structure according to claim 1, wherein the input flow is guided by a two-dimensional mapping table, analyzed layer by layer according to the tree hierarchical structure, and the next step is positioned by each operation result until meeting the requirement, so as to obtain a high-efficiency collaborative analysis flow, which comprises the following steps: introducing the input flow into the starting point of the tree-shaped hierarchical architecture, adopting a two-dimensional mapping table as analysis navigation, extracting the identification result of the current model, positioning the hierarchy in the ordinate of the mapping table, and acquiring the next operation instruction in the abscissa; Selecting a corresponding sub-node model for secondary analysis according to the guidance, repeating the positioning process by taking a new result as input, transmitting the new result layer by layer, filtering invalid flow by an upper model through a high recall rate, and extracting focusing target characteristics of a lower model; when the operation result triggers a preset termination condition and reaches a leaf node, stopping analysis and outputting the result to obtain the high-efficiency collaborative analysis flow with self-optimization capability.
8. 8. The network protocol collaborative combination analysis method based on the tree-shaped hierarchical structure according to claim 2, wherein a performance improvement rate formula of the network protocol analysis model is as follows: ; Wherein, the Is a model Identified contain the first A set of traffic for each target class, Is the total network protocol traffic that is to be sent, Representative by model A set of identified remaining network protocol traffic; When (when) Above 0, this indicates that the model is model Has the function of improving the performance when And (3) with The smaller the performance improvement, the greater the performance improvement, indicating a model The greater the improvement in overall performance.
9. 9. The network protocol collaborative combination analysis method based on a tree hierarchy according to claim 2, wherein the accuracy and recall formulas are: ; ; where Precision is the Precision rate, recall is the Recall rate, The number of samples predicted to be true for positive samples, The number of samples predicted as false for the negative samples, The number of samples predicted to be false for positive samples, The number of samples predicted as false for the negative samples.

Description

Network protocol collaborative combination analysis method based on tree-shaped hierarchical structure Technical Field The invention belongs to the technical field of protocol analysis, and particularly relates to a network protocol collaborative combination analysis method based on a tree-shaped layered structure. Background With the rapid development of internet technology, the diversity and complexity of network applications are significantly increased, and higher requirements are put on network protocol analysis technology. When the traditional single network protocol analysis algorithm faces the mixed application requirements of multiple granularity and multiple layers, the problems of high model training difficulty, low recognition efficiency and the like are gradually exposed. Specifically, a single algorithm is difficult to meet the analysis requirements of different granularities and different levels, so that when large-scale and high-complexity network traffic is processed, the consumption of computing resources is large, the recognition speed is low, and the accuracy is difficult to guarantee. Especially, under the background that the data scale is continuously enlarged and the computing resources are relatively short, the traditional method reduces the overall processing speed due to the need of processing a large number of negative samples, and causes resource waste. In addition, model errors in the hierarchy are prone to propagation and accumulation with layers, further affecting the accuracy of the identification. Aiming at the problems of high model training difficulty and low recognition efficiency of a single network protocol analysis algorithm under the mixed application demands of multiple granularity and multiple layers, the network protocol collaborative combination analysis method based on a tree-shaped layered structure is provided. According to the invention, the network protocol analysis model capable of meeting each application requirement is trained, and a hierarchical structure of a plurality of network protocol analysis models is built according to the thickness granularity of the application requirement. On the basis, a tree-shaped layered structure of the network protocol analysis model is generated through the cooperative combination of a plurality of hierarchical structures, the cooperative combination of the models under the mixed application requirement is realized, and the filtering effect of the upper model on the useless samples is realized, so that the overall recognition efficiency is improved. Disclosure of Invention Aiming at the current situation, the invention provides a network protocol collaborative combination analysis method based on a tree-shaped layered structure, which can solve the problems of high model training difficulty, low recognition efficiency, high resource consumption and accumulated error along with layer propagation when a single network protocol analysis algorithm faces to the requirements of multi-granularity and multi-layer hybrid application. In order to achieve the above purpose, the present invention adopts the following technical scheme: The network protocol collaborative combination analysis method based on the tree-shaped layered structure comprises the steps of obtaining different network protocol analysis requirements, training a basic network protocol analysis model and a coarse-grained model, guaranteeing that each model meets specific identification requirements, obtaining a high-precision basic model library through verification and optimization, organizing the basic model according to layers through analysis of the coarse-grained granularity of application requirements, enabling an upper layer model to be responsible for coarse classification, enabling a lower layer model to be responsible for fine classification, filtering useless data through layers to obtain a hierarchical structure model, analyzing identification deviation of the model in the quantized hierarchical structure through errors, adjusting parameters, adding data to reduce error propagation, guaranteeing high recall rate of the upper layer model through optimization to obtain an error optimized hierarchical structure, obtaining the hierarchical structure, constructing a tree-shaped layered structure through identifying and combining network protocol analysis models of the same layers, representing data flows through nodes, obtaining a tree-shaped analysis hierarchical structure through extraction of model identification results and operation relations in the tree-shaped hierarchical structure, designing a two-dimensional mapping table, encoding through transverse coordinates, rapidly positioning next operation, obtaining a mapping table and encoding rules, guiding input flow through the two-dimensional mapping table, and enabling the tree-shaped structure to pass through the tree-shaped hierarchical structure to meet the requirements, and obtaining the hierarchic