TY - JOUR
T1 - Protocol Structure and Sequence Detection Method for Multi-Protocol Analysis
AU - Cho, Hyunwoo
AU - Park, Jihwan
AU - Chae, Myoungho
AU - Lee, Haeyoung
AU - Lim, Wansu
JO - The Journal of Korean Institute of Communications and Information Sciences
PY - 2024
DA - 2024/1/1
DO - 10.7840/kics.2024.49.4.556
KW - protocol reverse engineering
KW - protocol
KW - sequence detection
KW - contiguous sequence pattern (CSP) algorithm
KW - cyberattack
AB - This paper introduces a protocol structure and sequence detection method designed for multi-protocol analysis in the field of protocol reverse engineering, with the aim of mitigating cyber threats such as malware and system hacking. Multi-protocol data, involving two or more undefined protocols, requires effective protocol classification. To address this, our study employs a hierarchical clustering method for multi-protocol classification, enhancing the performance and reducing the computational complexity of the protocol structure and sequence detection algorithm by removing payload of messages. The proposed method is evaluated using both a frequent sequence detection algorithm with a sliding window and a Contiguous Sequential Pattern (CSP) algorithm for protocol structure and sequence detection. Results demonstrate that the inclusion of hierarchical clustering and payload removal in both the frequent sequence detection algorithm and the CSP algorithm leads to notable performance enhancements.