SSL VPN protocol detection method based on flow analysis

A traffic-analysis detection method, applied in the field of network security, that addresses the problems of insufficiently fine-grained management and of SSL VPN and HTTPS traffic being indistinguishable, and that is simple and efficient.

Active Publication Date: 2010-10-06
SHANGHAI JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

However, both SSL VPN and HTTPS use SSL protocol packets on TCP port 443, so distinguishing them is a difficult problem.
[0009] After investigation, there are no reports of work in this area at home or abroad. In current security management, SSL VPN and HTTPS traffic are generally not distinguished. The main reason is that the two use the same protocol; another reason is that management is not sufficiently meticulous.

Embodiment Construction

[0065] The embodiments of the present invention are described in detail below in conjunction with the accompanying drawings. The present embodiment is implemented on the premise of the technical solution of the present invention, and provides detailed embodiments and specific operation processes, but the protection scope of the present invention is not limited to the embodiment described below.

[0066] As shown in Figure 1, the SSL VPN monitoring system is divided into two parts: the central end and the proxy end. The present embodiment is described in detail in conjunction with the SSL VPN monitoring system:

[0067] The proxy ends are distributed across the mirror ports configured on the switches in the border network of each unit. The proxy end has two network interfaces: one is used to capture packets and the other is used to communicate with the central end. The SSL VPN traffic flows through the switches of the border network and is captured by the monitoring system proxy, inclu...

Abstract

The invention relates to a method for detecting the SSL VPN protocol based on flow analysis, for use in the field of network security. The method comprises the following steps: first, cyclic monitoring is carried out by enabling the promiscuous mode of a network card on an intelligent agent or probe machine; a BPF filter is set to capture HTTPS messages, which include any SSL VPN messages that may be present; the SSL VPN detection method is then applied to the captured messages. The method determines whether the flow belongs to HTTPS or to SSL VPN according to the time-domain features of the SSL VPN communication flow and several handshake protocol features observed when the VPN is established. By using a hash table in place of database queries, the method is fast, simple and stable.
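The pipeline the abstract outlines (BPF capture on port 443, per-flow state held in a hash table, a decision from handshake and time-domain features) can be sketched as follows. This is an added example, not the patent's algorithm: the function names, the two thresholds and the choice of flow lifetime and record counts as features are assumptions, and each TCP payload is assumed to start on a TLS record boundary (no stream reassembly).

```python
import struct
from dataclasses import dataclass

BPF_FILTER = "tcp port 443"      # capture filter: HTTPS and SSL VPN both match it
HANDSHAKE, APP_DATA = 22, 23     # TLS record content types
MIN_DURATION_S = 300.0           # assumed threshold, not from the patent
MIN_APP_RECORDS = 100            # assumed threshold, not from the patent

@dataclass
class Flow:
    first_ts: float
    last_ts: float
    handshake_records: int = 0
    app_records: int = 0

def record(ctype, body=b""):
    """Build a constructed TLS record (5-byte header + body) for sample flows."""
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

def tls_records(payload):
    """Yield the content type of each TLS record that starts in this TCP payload."""
    off = 0
    while off + 5 <= len(payload):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", payload, off)
        if ctype not in (20, 21, 22, 23) or major != 3:
            return                # not a record header: stop instead of guessing
        yield ctype
        off += 5 + length

def observe(table, ts, src, sport, dst, dport, payload):
    """Update the in-memory flow table (a dict, i.e. a hash table) for one packet."""
    key = tuple(sorted([(src, sport), (dst, dport)]))  # same key for both directions
    flow = table.setdefault(key, Flow(ts, ts))
    flow.last_ts = ts
    for ctype in tls_records(payload):
        if ctype == HANDSHAKE:
            flow.handshake_records += 1
        elif ctype == APP_DATA:
            flow.app_records += 1
    return key

def classify(flow):
    """Combine a handshake feature with a time-domain feature (flow lifetime)."""
    if flow.handshake_records == 0:
        return "unknown"          # never saw an SSL handshake on this flow
    long_lived = flow.last_ts - flow.first_ts >= MIN_DURATION_S
    busy = flow.app_records >= MIN_APP_RECORDS
    return "ssl-vpn-candidate" if long_lived and busy else "https"
```

The flow table is an ordinary in-memory dict, so every packet costs one hash lookup rather than a database query; entries would need to be aged out in a long-running probe.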

Description

Technical field

[0001] The invention relates to a protocol detection method in the field of network security, in particular to a traffic analysis-based SSL VPN protocol detection method.

Background

[0002] Secure Socket Layer (SSL) is used to ensure the security of data transmission on the Internet. Using data encryption technology, it can ensure that data will not be intercepted and eavesdropped on during transmission over the network. The SSL protocol is located between the TCP/IP protocol and various application layer protocols, providing security support for data communication.

[0003] HTTPS is a secure hypertext transfer protocol, that is, a secure HTTP channel; in short, a secure version of HTTP. An SSL layer is added under HTTP, and the HTTPS protocol communicates over TCP/IP on port 443 rather than on port 80 as HTTP does.

[0004] SSL VPN works between the transport layer and the application layer, and uses the SSL protocol that comes wit...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24
Inventor: 蒋兴浩, 周志洪, 李建华, 张月国, 蔡伟
Owner: SHANGHAI JIAOTONG UNIV