Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Encrypted traffic identification method based on load adjacent probability model

A probabilistic model and traffic identification technology, applied to electrical components, transmission systems, etc., can solve the problem of low accuracy of encrypted traffic identification methods

Active Publication Date: 2016-03-23
NAT UNIV OF DEFENSE TECH
View PDF4 Cites 27 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Aiming at the problem that in the existing encrypted traffic identification method, the encrypted traffic identification method based on data load feature identification cannot identify the encryption protocol that has not customized protocol identification rules, and the encrypted traffic identification method based on data randomness identification is not accurate enough, the present invention On the basis of the existing data randomness identification method, for the first time, the encrypted traffic identification is improved by using the load adjacent characteristics of non-encrypted network traffic, and an encrypted traffic identification method based on the load adjacent probability model is provided.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Encrypted traffic identification method based on load adjacent probability model
  • Encrypted traffic identification method based on load adjacent probability model
  • Encrypted traffic identification method based on load adjacent probability model

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0045] Embodiments of the present invention will be further described in detail below in conjunction with examples.

[0046] The first step is to establish a load adjacent probability model.

[0047] The processing is described using a single packet network session as input. For ease of expression, the specially constructed data payload cannot reflect the real unencrypted traffic characteristics, but only shows the processing process.

[0048] Step 1.1 Initialization. Initialize the load adjacent record matrix A[256][256] and the adjacent probability relationship matrix B[256][256]. The initial values ​​of the matrix A and B are all 0.

[0049] Step 1.2 makes the input message data load DATA1="0x000x000x010x010x000x000x010x01" (hexadecimal representation, a total of 8 bytes), to obtain the adjacent times matrix A, see Table 1, wherein "0x00" is adjacent to "0x00" twice , "0x00" is adjacent to "0x01" twice, "0x01" is adjacent to "0x00" once, "0x01" is adjacent to "0x01" twic...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an encrypted traffic identification method based on a load adjacent probability model, and aims to provide a high-accuracy universal encrypted traffic identification method which utilizes a non-encrypted flow characteristic. The encrypted traffic identification method is technologically characterized by comprising the steps of first step, inputting a non-encrypted network traffic, counting a number of times in which message data load bytes are adjacent, selecting number points for differentiating a high-probability adjacent relationship and a low-probability adjacent relationship, and constructing an adjacent probability relationship model; a second step, inputting a network session traffic, extracting an adjacent characteristic and a random characteristic, and simultaneously acquiring a data random characteristic based on an information entropy; and a third step, transmitting the adjacent characteristics and the random characteristics of the non-encrypted traffic and the encrypted traffic as an input into a classification engine based on machine learning, and furthermore performing encrypted traffic identification based on the adjacent characteristic and the random characteristic of an unknown traffic. Compared with an existing principal encrypted traffic identification method, the encrypted traffic identification method has advantages of realizing universal identification on unknown encrypted protocol traffic and effectively improving identification accuracy.

Description

technical field [0001] The invention relates to a network traffic identification method, in particular to an encrypted traffic identification method based on a load adjacent probability model. Background technique [0002] Currently, more and more network protocols adopt encryption mechanism. On the one hand, communication encryption contributes to security and privacy protection, and on the other hand, it also becomes a barrier for criminals to evade security monitoring and management. Encrypted traffic identification is of great significance to the analysis of cybercrime behavior. [0003] Encryption is the process of converting plaintext into unrecognizable ciphertext, making it impossible for unauthorized people to identify and tamper with it. The essence of encrypted traffic is encrypted data generated by encryption protocol interaction. Encrypted traffic identification methods are mainly divided into two categories: (1) identification based on data payload features....

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/0428H04L63/1408
Inventor 孙一品庞立会陈曙晖王飞钟求喜张博锋刘宇靖徐成成闫晓明
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com