PSO-based feature extraction of unknown protocol data frame

In today's network information confrontation, due to security reasons, the protocols used by both parties are often undisclosed and the protocol format is unknown, and the communication data is in the form of the continuous and irregular bitstream. How to extract features without prior knowledge is an urgent problem to be solved. Therefore, this study proposes a method for the feature extraction of unknown protocol data frames based on the particle swarm optimization (PSO) algorithm to address the problem of low adaptability and low accuracy of frequent thresholds. Given the features of the bitstream data frames, the proposed method segments the bitstream data through Zipf's law. The PSO algorithm is employed to adapt the frequent threshold to the uncertainty of the unknown protocols, and the short frequent sequence is then obtained under the adaptive threshold. The continuous location information is then applied to splice the excavated short frequent sequences to determine the final frequent sequence set. To filter out the effective association rules, the chi-squared test is conducted to analyze the association rules mined between frequent sequences. According to the simulation results, the proposed method managed to achieve the frequent extraction of adaptive thresholds in different datasets, whereas its accuracy was higher than that of the comparison algorithm. Moreover, the method proposed in this paper has certain practical significance for theoretical research and application in this field.