Protocol Keywords Extraction Method Based on Frequent Item-Sets Mining

Network application identification technology is widely used in the fields of network management, network optimization and intrusion detection and so on. And among the methods, the DPI (Deep Packet Inspection) is the most popular one with high accuracy relaying on a small amount of payload data. However, DPI depends on the effective protocol keywords. In order to cope with the speed of the applications updating, we proposed a protocol keywords extraction method for unencrypted network applications based on frequent itemsets mining. It contains two major steps: Firstly, we generate candidate words by using unsupervised methods and reduce the word set size with rules of words length and position. Then, we extract effective protocol keywords with frequent item-sets mining method and remove the noise words and redundant words by evaluating the candidate word co-occurrence relationship. The experiment result shows that our method shrinks the size of the keywords set and is better at extracting the real protocol keywords compared with Proword.