Cluster system for binary data frame

摘要

Protocol reverse engineering is very important for information security. In the complex wireless network environment, in order to separate binary data frames for subsequent reverse protocol analysis, this paper proposes a frame cluster system designed for binary frames using complex protocol stacks. It first uses AC algorithm to get the frequent characteristics of the binary frames, then creatively uses the Apriori algorithm to explore the relationship between these characteristics and the 4-step pruning process to choose the most important characteristics, and finally uses the selected characteristics and their relationships, through the Kmeans algorithm to cluster the frames. Experiments show that the result is good, and if the protocol type field exist, it is possible to distinguish the layered relationships between different clusters.