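% Journal article on protocol structure and sequence detection for
% multi-protocol analysis (protocol reverse engineering).
% The author list uses " and " separators; with commas between names
% BibTeX reads the whole list as a single, wrongly split name.
% NOTE(review): volume, number and pages are not given in the exported
% record. The DOI suffix suggests 49, 4 and 556; confirm against the
% publisher page before adding those fields.
@article{ME25838A8,
  author   = {Cho, Hyunwoo and Park, Jihwan and Chae, Myoungho and Lee, Haeyoung and Lim, Wansu},
  title    = {Protocol Structure and Sequence Detection Method for Multi-Protocol Analysis},
  journal  = {The Journal of Korean Institute of Communications and Information Sciences},
  year     = {2024},
  issn     = {1226-4717},
  doi      = {10.7840/kics.2024.49.4.556},
  keywords = {protocol reverse engineering, protocol, sequence detection, contiguous sequence pattern (CSP) algorithm, cyberattack},
  abstract = {This paper introduces a protocol structure and sequence detection method designed for multi-protocol analysis in the field of protocol reverse engineering, with the aim of mitigating cyber threats such as malware and system hacking. Multi-protocol data, involving two or more undefined protocols, requires effective protocol classification. To address this, our study employs a hierarchical clustering method for multi-protocol classification, enhancing the performance and reducing the computational complexity of the protocol structure and sequence detection algorithm by removing payload of messages. The proposed method is evaluated using both a frequent sequence detection algorithm with a sliding window and a Contiguous Sequential Pattern (CSP) algorithm for protocol structure and sequence detection. Results demonstrate that the inclusion of hierarchical clustering and payload removal in both the frequent sequence detection algorithm and the CSP algorithm leads to notable performance enhancements.},
}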