Encrypted application identification and encrypted webpage content classification methods, and encrypted application identification and/or encrypted webpage content classification devices

A technology for application identification and web page content, applied in the field of network application security, it can solve the problems of random data, large amount of calculation, and no obvious packet-length sequence characteristics in the data stream, and achieve the effect of ensuring accuracy and efficient identification.

Inactive Publication Date: 2015-12-09
BEIJINGNETENTSEC
View PDF4 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] 1) After the transmitted content is encrypted, the payload content of the connection data is all ciphertext, which does not contain matching features
[0011] 2) The transmitted data is random, and the data stream has no obvious packet length sequence characteristics
[0014] 2) Option 2 relies on the client's trust in forged certificates; relies on the server not requiring authentication of the client; requires a large amount of calculation, low efficiency; and has legal risks
[0015] 3) Scheme

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Encrypted application identification and encrypted webpage content classification methods, and encrypted application identification and/or encrypted webpage content classification devices
  • Encrypted application identification and encrypted webpage content classification methods, and encrypted application identification and/or encrypted webpage content classification devices
  • Encrypted application identification and encrypted webpage content classification methods, and encrypted application identification and/or encrypted webpage content classification devices

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0072] figure 2 and image 3 It is a schematic diagram of the implementation flow of the encrypted application identification method provided in Embodiment 1 of the present invention, as shown in image 3 As shown, the encryption application identification method includes:

[0073] Step 110: Obtain connection data in the network, and determine that the connection data is DNS connection data.

[0074] In step 110, the device for identifying encrypted applications, or the device for identifying encrypted applications and classifying encrypted webpage content acquires and analyzes information in the connection data in the network. The connection data is any connection data in the network, and may include DNS connection data and the like.

[0075] Specifically, the device for identifying encrypted applications, or the device for identifying encrypted applications and classifying encrypted webpage content monitors the network and acquires the connection data.

[0076] Here, th...

Embodiment 2

[0094] Embodiment 2 is an HTTPS identification method. When the encryption application is HTTPS, the HTTPS identification method includes:

[0095] Obtain connection data in the network, and determine that the connection data is DNS connection data;

[0096] Obtaining a DNS feedback packet from the DNS connection data, the DNS feedback packet including an HTTPS domain name and an HTTPS server IP address;

[0097] Query whether the HTTPS server IP address is included in the application automatic matching table;

[0098] When the application automatic matching table does not include the HTTPS server IP address, query whether the application rule base includes the application identification corresponding to the HTTPS domain name, and when the application rule base includes the application identification corresponding to the HTTPS domain name , adding the HTTPS server IP address and the corresponding application identifier to the application automatic matching table.

[0099] F...

Embodiment 3

[0102] Figure 4 and Figure 5 It is a schematic diagram of the implementation flow of the method for classifying encrypted webpage content provided by Embodiment 3 of the present invention. It should be noted that the application type in the method for classifying encrypted webpage content is HTTPS. Such as Figure 5 As shown, the encrypted webpage content classification method includes:

[0103] Step 210: Obtain connection data in the network, and determine that the connection data is DNS connection data.

[0104] Step 220: Obtain a DNS feedback packet from the DNS connection data, where the DNS feedback packet includes an encrypted application domain name and a server network protocol IP address.

[0105] Step 230: When it is determined that the encryption application is HTTPS, check whether the IP address of the server is included in the classification automatic matching table.

[0106] Here, the category automatic matching table is pre-configured by the device for cl...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an encrypted application identification method. The method comprises that connection data in the network is obtained, and the connection data is determined to be domain name system (DNS) connection data; a DNS feedback packet, which comprises the domain name of an encrypted application and the IP address of a server, is obtained from the DNS connection data, whether an automatic matching table of the application comprises the IP address of the server is checked; and if the automatic matching table of the application does not the IP address of the server, whether an application rule base includes an application identification corresponding to the domain name of the encrypted application is checked, and if yes, the IP address of the server and the corresponding identification are added to the automatic matching table of the application. The invention also discloses an encrypted webpage content classification method, an encrypted application identification device, an encrypted webpage content classification device and an encrypted application identification and encrypted webpage content classification device.

Description

technical field [0001] The invention relates to network application security technology, in particular to a method and device for identifying encrypted applications and classifying encrypted webpage contents. Background technique [0002] With the increase of network security requirements, encryption technology for network data is more and more widely used. Data encryption technology has been widely used in network data encryption transmission to protect users' private data. [0003] Taking the currently most widely used Secure Sockets Layer (SSL, SecureSocketsLayer) as an example, the SSL uses data encryption technology to ensure that data will not be intercepted and eavesdropped during network transmission, thereby ensuring the security of data transmission on the Internet. The SSL protocol is located between the Transmission Control Protocol / Internet Protocol (TCP / IP, Transmission Control Protocol / Internet Protocol) protocol and various application layer protocols, and pr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/0428H04L61/4511
Inventor 马勇
Owner BEIJINGNETENTSEC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap