To address the low efficiency of existing techniques for segmenting frames of unknown protocols, an unknown protocol frame segmentation technique based on preamble mining is proposed. First, the principle by which the preamble marks the start of a link-layer frame is introduced, and the candidate sequence selection problem is analyzed as the reason that existing frequent sequence mining methods cannot mine long preambles. To address this cause, and drawing on the characteristics of preamble mining, two improvements are proposed: discovering candidate sequences from the target bit stream, and selecting candidate sequences based on how the size of the candidate sequence set changes. Next, a method for determining the length of an unknown preamble and mining it is proposed, which identifies the preamble sequence among the many frequent sequences mined and then segments the frames. Finally, the effectiveness of the proposed method is verified with real bit streams captured from the Ethernet. The experimental results show that the proposed method can quickly and accurately mine the preamble sequence from the bit stream of an unknown protocol, with lower space and time complexity than existing methods.
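
An added illustration of the idea summarized above (not the paper's algorithm or code): a simplified Apriori-style miner that takes candidates only from the observed bit stream, grows them one bit at a time until the frequent set collapses, and cuts frames at the longest survivor. The constructed sample stream, the `min_support` threshold, the 8-bit seed length and all function names are assumptions; the sync pattern used is the 64-bit Ethernet preamble plus start-frame delimiter.

```python
import random
from collections import defaultdict

# Ethernet preamble (56 alternating bits) + SFD 10101011, used as the hidden sync pattern.
PREAMBLE = "10" * 31 + "11"

def build_stream(n_frames=60, seed=7):
    """Constructed test input: back-to-back frames with random payloads."""
    rng = random.Random(seed)
    payloads = []
    for _ in range(n_frames):
        n = 64 + rng.getrandbits(6)            # payload length 64..127 bits
        payloads.append(f"{rng.getrandbits(n):0{n}b}")
    return "".join(PREAMBLE + p for p in payloads), payloads

def mine_preamble(stream, min_support, seed_len=8):
    """Return (longest frequent sequence, frequent-set size per length)."""
    level = defaultdict(list)                  # sequence -> start positions
    for i in range(len(stream) - seed_len + 1):
        level[stream[i:i + seed_len]].append(i)   # candidates come from the stream only
    level = {s: p for s, p in level.items() if len(p) >= min_support}
    sizes, length = [len(level)], seed_len
    while True:
        nxt = defaultdict(list)
        for positions in level.values():       # extend survivors only (Apriori pruning)
            for i in positions:
                if i + length < len(stream):
                    nxt[stream[i:i + length + 1]].append(i)
        nxt = {s: p for s, p in nxt.items() if len(p) >= min_support}
        if not nxt:                            # frequent set collapsed: length found
            break
        level, length = nxt, length + 1
        sizes.append(len(level))
    best = max(level, key=lambda s: len(level[s]), default="")
    return best, sizes

def segment(stream, preamble):
    """Cut the stream at every non-overlapping occurrence of the preamble."""
    starts, i = [], stream.find(preamble)
    while i != -1:
        starts.append(i)
        i = stream.find(preamble, i + len(preamble))
    return [stream[a:b] for a, b in zip(starts, starts[1:] + [len(stream)])]

if __name__ == "__main__":
    bits, _ = build_stream()
    found, sizes = mine_preamble(bits, min_support=50)
    print(len(found), sizes[-1], len(segment(bits, found)))
```

The threshold must sit between the per-frame support of the true preamble and the roughly halved support of any sequence that also includes a payload bit; on real captures a constant idle pattern or fixed header field adjacent to the preamble would be mined as part of the longest sequence.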