Security protocol ciphertext information inference method based on subject interaction behavior

Abstract

The invention relates to a security protocol ciphertext information inference method based on the interaction behavior of a subject. According to a specific message format, the step information of the protocol-related message in the network is identified, that is, a certain data message is identified as belonging to the protocol during the operation process. In the Nth step, make full use of data information such as the protocol specification format, messages that can be monitored in the network system, and user online interaction behaviors. The ciphertext information can be calculated and recovered to a certain extent, which is suitable for security protocols using various cryptographic systems, and does not require additional monitoring programs to be deployed on the monitoring host. In actual application, the present invention has the advantages of wide application range, small limitation, fast analysis speed, etc., which helps to further strengthen the monitoring and management of the network, and improves the ability of the information system to resist malicious attacks.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method for inferring security protocol ciphertext information based on subject interaction behavior. Background technique [0002] Protocol identification is an important part of a large number of key network security applications, such as intrusion detection, network QoS, traffic monitoring, user behavior analysis, etc., which is of great significance to network administrators, service providers, and users. Based on network message data, identifying the protocol type adopted by the information system, and then analyzing user interaction behavior information is the key content of network protocol identification, which is helpful for monitoring and managing various network applications, and can effectively reduce the security risks faced by the system , to enhance the ability of the information system to resist malicious attacks. With the wide application of encryption technolog...

AI Technical Summary

Problems solved by technology

The analysis method based on network message flow information mainly captures network communication flow data, and performs analysis based on the flow port, plaintext data in the load, and statistical characteristics of data packets. This method takes the collected network data flow as the analysis object, and simply Use network traffic to analyze network protocols, but this method currently only analyzes plaintext protocols and cannot process ciphertext data, such as figure 1 and figure 2 As shown, based on the analysis of the SSL protocol encrypted handshake message by the famous network protocol analysis tool Wireshark, Wireshark can only identify the content of the message as ciphertext, but cannot further analyze and utilize any other features of the encrypted message; based on the target host The characteristics of the running status of the application program related to the above protocol is another way of thinking of network protocol analysis. With the help of a specific binary analysis platform, this method analyzes the data processing process of the application program on the host and then infers the corresponding plaintext structure and ciphertext structure of the ciphertext. The cryptographic algorithm used by the text

Although this type of method can process encrypted messages, it needs to obtain the application program information that executes the protocol on the target host and deploy specific monitoring tools in order to obtain information about the running process of the specific program. Therefore, the technical implementation of this type of method is complicated. , the application limitations are relatively large, and it cannot really meet the needs of data packet monitoring in the network environment, and in practical applications, this type of method will fail when the target program cannot be obtained

Images