
Behavior-detection-based network traffic identification method and device

A behavior-based network traffic identification technology, applied in the field of network security, that addresses problems such as unsatisfactory analysis results, large volumes of session upload data, and limited session feature information.

Inactive Publication Date: 2014-04-02
BEIJING VENUS INFORMATION TECH +1

AI Technical Summary

Problems solved by technology

[0006] (2) The Trojan horse control terminal plays the role of resource requester in the communication, so the session uploads a large amount of data.
Therefore, because of the influence of initial value selection and local optima, once the initial value is chosen unreasonably, the results of using this type of algorithm for Trojan horse detection are often very unsatisfactory.
[0010] To sum up, although behavior-based detection is currently the best choice for Trojan horse detection, the session feature information it uses is limited, and current methods for processing that information are constrained by initial value selection and local optima, which seriously affects the detection of Trojan horses by behavior-based detection technology.

Examples


Embodiment 1

[0046] Figure 2 is a flowchart of an embodiment of the present invention that identifies network traffic based on behavior detection. As shown in Figure 2, the method includes:

[0047] Step 200: capture data packet information from network traffic and perform Transmission Control Protocol (TCP) session reassembly, so as to extract the information of each TCP session flow.

[0048] It should be noted that capturing network data packet information and performing TCP protocol analysis on it is common knowledge; even though the present invention does not describe it, those skilled in the art should be clear about this step.

[0049] According to the communication behavior characteristics of the Trojan horse in the interactive connection stage, the statistical characteristics of the TCP session are extracted, and the TCP session feature matrix is established;

[0050] Step 201, according to the session features of the Trojan horse communication, extract 9 session statistica...
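Steps 200 and 201 can be sketched as follows. This is an added example, not code from the patent: the page truncates the list of 9 session statistics, so the six feature columns, the packet tuple layout and the sample packets are all assumptions, chosen to reflect the upload-heavy behavior noted in [0006].

```python
from collections import defaultdict

# Constructed packet records, as they might look after capture and TCP parsing:
# (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags, payload_bytes)
PACKETS = [
    (0.00, "10.0.0.5", 40001, "203.0.113.9", 443, "S", 0),
    (0.05, "203.0.113.9", 443, "10.0.0.5", 40001, "SA", 0),
    (0.10, "10.0.0.5", 40001, "203.0.113.9", 443, "A", 300),
    (0.30, "203.0.113.9", 443, "10.0.0.5", 40001, "A", 9000),
    (1.00, "10.0.0.7", 40002, "198.51.100.4", 8080, "S", 0),
    (1.05, "198.51.100.4", 8080, "10.0.0.7", 40002, "SA", 0),
    (1.50, "198.51.100.4", 8080, "10.0.0.7", 40002, "A", 40),
    (2.00, "10.0.0.7", 40002, "198.51.100.4", 8080, "A", 6000),
    (9.00, "10.0.0.7", 40002, "198.51.100.4", 8080, "A", 6000),
]

# Assumed feature columns (the patent's own 9 statistics are not on the page).
FEATURES = ["up_bytes", "down_bytes", "up_share", "up_pkts", "down_pkts", "duration_s"]

def session_feature_matrix(packets):
    """Group packets into TCP sessions; return {session_key: feature_row}."""
    sessions = defaultdict(list)
    for t, src, sport, dst, dport, flags, size in sorted(packets):
        # Both directions of a connection must map to the same session key.
        key = tuple(sorted([(src, sport), (dst, dport)]))
        sessions[key].append((t, (src, sport), flags, size))
    matrix = {}
    for key, pkts in sessions.items():
        # Initiator = sender of the bare SYN; if the handshake was missed,
        # fall back to the sender of the first packet seen.
        initiator = next((s for _, s, f, _ in pkts if f == "S"), pkts[0][1])
        up = [n for _, s, _, n in pkts if s == initiator and n > 0]
        down = [n for _, s, _, n in pkts if s != initiator and n > 0]
        total = sum(up) + sum(down)
        matrix[key] = [sum(up), sum(down),
                       sum(up) / total if total else 0.0,  # no payload at all
                       len(up), len(down),
                       pkts[-1][0] - pkts[0][0]]
    return matrix
```

In the sample data the second session has an initiator upload share above 0.99, while the first looks like an ordinary download-heavy client session.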


Abstract

The invention discloses a behavior-detection-based network traffic identification method and device. The method comprises the following steps: capturing data packet information of network traffic and performing TCP (Transmission Control Protocol) session reassembly to extract the information of each TCP session stream; extracting session statistical characteristics from the information of each TCP session stream according to the session characteristics of Trojan communication, and establishing the corresponding TCP session characteristic matrix; optimally clustering the TCP session characteristic matrix with a bacterial foraging optimization-based clustering method to generate optimal clustering information; and obtaining the network traffic type of each TCP session stream from the optimal clustering information. With the method and device, TCP session streams are extracted from the data packets of the network traffic, TCP session statistical characteristics are obtained according to the session characteristics of Trojan communication to generate the TCP session characteristic matrix, and the bacterial foraging optimization-based clustering method optimally clusters that matrix to obtain the network traffic types of the TCP session streams.
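The clustering step can be illustrated with a simplified bacterial foraging optimization (chemotaxis, reproduction, elimination-dispersal). This is an added example, not the patent's own algorithm: the sum-of-squared-error cost, every parameter value and the two-column sample matrix are assumptions.

```python
import math
import random

# Constructed, already-normalised feature matrix: [upload_share, duration]
X = [[0.03, 0.05], [0.08, 0.10], [0.05, 0.02], [0.10, 0.08],
     [0.97, 0.90], [0.99, 0.80], [0.95, 0.85]]

def sse(X, cents):
    """Clustering cost: squared distance of every row to its nearest centroid."""
    return sum(min(math.dist(x, c) ** 2 for c in cents) for x in X)

def bfo_cluster(X, k=2, bacteria=10, generations=4, chem_steps=25,
                swim_len=4, step=0.05, p_disperse=0.1, seed=7):
    rng = random.Random(seed)
    def spawn():                      # one bacterium = one set of k centroids
        return [list(x) for x in rng.sample(X, k)]
    pop = [spawn() for _ in range(bacteria)]
    best, best_cost = None, math.inf
    for _ in range(generations):
        health = []
        for i, b in enumerate(pop):
            cost, total = sse(X, b), 0.0
            for _ in range(chem_steps):
                # Tumble: random unit direction in centroid space.
                d = [[rng.gauss(0, 1) for _ in x] for x in b]
                norm = math.sqrt(sum(v * v for row in d for v in row))
                for _ in range(swim_len):   # swim while the cost keeps falling
                    cand = [[c + step * v / norm for c, v in zip(cr, dr)]
                            for cr, dr in zip(b, d)]
                    cand_cost = sse(X, cand)
                    if cand_cost >= cost:
                        break
                    b, cost = cand, cand_cost
                total += cost
            pop[i] = b
            health.append(total)      # lower accumulated cost = healthier
            if cost < best_cost:
                best, best_cost = [c[:] for c in b], cost
        # Reproduction: the healthier half splits, the weaker half dies.
        order = sorted(range(bacteria), key=health.__getitem__)
        keep = [pop[i] for i in order[:bacteria // 2]]
        pop = [[c[:] for c in b] for b in keep + keep]
        # Elimination-dispersal: occasionally restart a bacterium elsewhere.
        pop = [spawn() if rng.random() < p_disperse else b for b in pop]
    labels = [min(range(k), key=lambda j: math.dist(x, best[j])) for x in X]
    return labels, best_cost
```

Running several bacteria from different starting centroids and re-dispersing some of them is what reduces the sensitivity to initial values and local optima that the page raises in [0010]. Which cluster corresponds to which traffic type still has to be decided from the cluster's feature values.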

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method and device for realizing network traffic identification based on behavior detection.

Background technique

[0002] As hacker attacks become increasingly organized and profit-driven, the Advanced Persistent Threat (APT) has become the biggest threat to the information systems of governments and major enterprises. The Trojan horse, as one of the important links in various intrusions, has become a focus of research on security issues. According to the sampling monitoring results of CNCERT/CC in 2012, the number of domestic and foreign Trojan horse or bot control server IPs reached 286,977, and the number of overseas Trojan horse or bot control server IPs reached 73,286, an average increase of 13.1% and 56.9% respectively compared with 2011. Our country's important information systems are also facing serious threats of cyber attacks.

[0003] Unlike other malicious softwar...


Application Information

IPC(8): H04L29/06, H04L12/26
Inventor: 万淼
Owner: BEIJING VENUS INFORMATION TECH