Network theft behavior detecting method based on HTTP flow analysis

A detection method based on flow analysis, applied to electrical components, transmission systems, etc., that addresses problems such as Trojan horses using different communication protocols that are unpredictably difficult to identify.

Active Publication Date: 2017-12-08
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

Implementing this detection method faces at least the following difficulties: 1. To avoid detection, the Trojan horse control terminal (that is, the C&C server) may not always be online; 2. The communication protocol between the Trojan horse and its control terminal may be designed by the network attacker himself. Different Trojan horses may use different non-public protocols, and the difficulty of identifying these non-public protocols is unpredictable.


Examples


Embodiment Construction

[0034] The present invention will be described in further detail below in conjunction with the examples, but the protection scope of the present invention is not limited thereto.

[0035] The invention relates to a network theft behavior detection method based on HTTP flow analysis. The network behavior of malicious software transmitting sensitive data differs obviously from the behavior of a person accessing web servers under normal circumstances. The network behavior characteristics of tools and malicious software that transmit sensitive data over the HTTP protocol are therefore analyzed to determine which behavior characteristics in HTTP traffic are abnormal. Over a period of time, the HTTP traffic data generated by the computer equipment in the internal network of the unit (that is, the network protected by this detection method) when accessing normal Web sites is counted in multiple dimensions, as a reference, to determine the threshold for dete...


Abstract

The invention relates to a network theft behavior detecting method based on HTTP flow analysis. The method comprises the steps of establishing a C&C server blacklist database; acquiring DNS and HTTP protocol flow in a random time segment and analyzing and restoring it; eliminating abnormal data from the HTTP traffic data generated in accessing normal servers and performing statistics on it; determining the abnormal behavior items to be checked and the thresholds used for detection; detecting whether a computer device in the organization's network shows abnormal behavior and, if so, raising an alarm and storing the data packets in a database; and performing risk analysis and processing on the alarm. In this method, network behavior characteristic analysis is performed on tools and malicious software that transmit sensitive data over the HTTP protocol, thereby determining the abnormal behavior characteristics. A threshold value is determined by performing statistics on the HTTP traffic at the network entrance of the organization, thereby identifying sensitive data transmission by a Trojan horse on the attacked computer device. The method has the advantages of a low false alarm rate, a low missed alarm rate, high accuracy and high feasibility. It is suitable for organizations, individuals and large-scale high-speed networks.
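The baseline-then-threshold pipeline in the abstract, as an added example that is not code from the patent. The page does not state which dimensions are counted, how abnormal baseline data is eliminated, or how the threshold is derived, so the dimension (request bytes per client/host pair), the IQR trimming, the mean-plus-three-sigma rule and all sample records below are assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample data. Record = (client_ip, http_host, request_bytes_sent).
BLACKLIST = {"c2.example.invalid"}  # constructed C&C blacklist entry
BASELINE = [("10.0.1.%d" % i, "site%d.example" % i, sent) for i, sent in
            enumerate([400, 520, 610, 480, 700, 550, 630, 450, 590, 50000])]
WINDOW = [
    ("10.0.0.5", "news.example", 500),
    ("10.0.0.7", "paste.example", 20000),
    ("10.0.0.7", "paste.example", 20000),
    ("10.0.0.7", "paste.example", 20000),
    ("10.0.0.9", "c2.example.invalid", 100),
]

def bytes_sent_per_pair(records):
    """Sum request bytes for each (client, host) pair in a capture window."""
    totals = defaultdict(int)
    for client, host, sent in records:
        totals[(client, host)] += sent
    return totals

def trim_outliers(values, k=1.5):
    """Abnormal-data elimination (assumed method): drop values outside IQR fences."""
    q1, _, q3 = statistics.quantiles(values, n=4)
    low, high = q1 - k * (q3 - q1), q3 + k * (q3 - q1)
    return [v for v in values if low <= v <= high]

def build_threshold(baseline_records, sigmas=3.0):
    """Threshold (assumed rule): mean + sigmas * stdev of the cleaned baseline."""
    clean = trim_outliers(list(bytes_sent_per_pair(baseline_records).values()))
    return statistics.mean(clean) + sigmas * statistics.pstdev(clean)

def detect(records, threshold, blacklist=BLACKLIST):
    """Return (client, host, reason) alerts for one detection window."""
    alerts = []
    for (client, host), sent in sorted(bytes_sent_per_pair(records).items()):
        if host in blacklist:
            alerts.append((client, host, "blacklisted_host"))
        elif sent > threshold:
            alerts.append((client, host, "bytes_sent_over_threshold"))
    return alerts

if __name__ == "__main__":
    limit = build_threshold(BASELINE)
    print("threshold: %.1f bytes" % limit)
    for alert in detect(WINDOW, limit):
        print(alert)
```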

Description

Technical field

[0001] The present invention relates to the technical field of the transmission of digital information, such as telegram communication, and in particular to a network theft detection method based on HTTP flow analysis, which analyzes the HTTP flow data entering and leaving the unit network to identify the behavior of a Trojan horse virus transmitting sensitive data from the attacked computer equipment.

Background technique

[0002] The firewall is an important tool in the network security system. It always checks the data packets entering and leaving the network it protects. The data packets that threaten the protected network will be intercepted by the firewall.

[0003] However, firewalls in the prior art are not yet able to fully control malware infection and data leakage. One of the reasons is that commonly used protocols use reserved ports by default, and the firewall must allow traffic to pass through. The traffic sent by the computer to the web ser...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPC H04L63/1408, H04L63/1416, H04L63/145
Inventor 程华才, 范渊, 李凯
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD