Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Behavior-characteristics-based method and system for identifying multiplexing protocol

A technology of protocol identification and behavior, applied in the field of Internet applications, can solve problems such as inaccurate identification, and achieve the effect of improving accuracy, precise statistics and control

Inactive Publication Date: 2013-06-26
OPZOON TECH
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In this case, general protocol identification products cannot accurately identify which specific protocol a connection belongs to

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Behavior-characteristics-based method and system for identifying multiplexing protocol
  • Behavior-characteristics-based method and system for identifying multiplexing protocol

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The specific implementation manners of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. The following examples are used to illustrate the present invention, but are not intended to limit the scope of the present invention.

[0024] Under normal circumstances, the number of similar software running on a host at the same time is very small, and usually it is one type. For example, if QQ video is running, QQ music may not be running. Taking advantage of this phenomenon, an exploit behavior feature is invented A method for identifying multiplexing protocols. Behavior characteristics include historical behavior characteristics and real-time behavior characteristics: historical behavior characteristics refer to actions that have occurred on this host, and real-time behavior characteristics refer to actions that are currently occurring on this host. The present invention combines historical behavior...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a behavior-characteristics-based method and a behavior characteristics-based system for identifying a multiplexing protocol. The method comprises the following steps of: obtaining and analyzing messages applied by a plurality of specific protocols, and confirming the type of the multiplexing protocols adopted by the plurality of specific protocols; obtaining messages of the multiplexing protocols, extracting the common characteristics and the private characteristics of the multiplexing protocols, and compiling to form a feature library and loading; scanning connecting flow generated by a host machine, recoding the behavior if the private characteristics are available in a connection matching command, and setting an overtime; if the common characteristics are available in the connection matching command, querying whether or not the host machine has the record behavior or whether or not the host machine has the real-time behavior, and identifying that the connection is a protocol which corresponds to the record behavior if the record behavior is available; and if the real-time behavior is available, identifying that the connection is a protocol which corresponds to the real-time behavior, otherwise continuously scanning. According to the invention, each specific protocol under the multiplexing protocols can be effectively identified, and the protocol identification precision can be improved.

Description

technical field [0001] The invention relates to the technical field of Internet applications, in particular to a method and system for identifying multiplexing protocols based on behavioral characteristics. Background technique [0002] The initial protocol identification is to identify the content of a single message. This identification method scans the content of the message and performs character matching on the characteristic string. After hitting the preset characteristic string of a certain protocol, it is recognized as the protocol. This method is accurate in identification. The rate is high, but it cannot handle encrypted protocols. In order to identify the encryption protocol, fuzzy identification has appeared. This method is to identify the connection. It mainly uses the statistical method to build the model. The statistical objects include: IP address, port, message length sequence and message time stamp sequence, etc., and then Statistical features are used to ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 董茂培陈金达杨宇云余兆许晶刘伟祝方方
Owner OPZOON TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com