Learned profiles for malicious encrypted network traffic identification

A malicious network traffic technology, applied in the field of improved malicious network traffic detection, that can solve problems such as automatic malicious program detection systems not working correctly.

Active Publication Date: 2018-01-26
BRITISH TELECOMM PLC
5 Cites, 20 Cited by

AI Technical Summary

Problems solved by technology

[0010] Bestuzhev highlights that malicious programs can be sent in encrypted form, causing existing automatic malware detection systems to work incorrectly (Bestuzhev, 2010, www.securelist.com/en/blog/208193235/Steganography_or_encryption_in_bankers, retrieved February 2014). Such encrypted malware would also be undetectable by the methods of Olivain et al., which rely on the delivery of unscrambled (unencrypted) traffic for detection.

Embodiment Construction

[0048] Figure 1 is a block diagram of a computer system suitable for the operation of the embodiment of the present invention. The central processing unit (CPU) 102 is communicably connected to the storage 104 and an input/output (I/O) interface 106 via a data bus 108. The storage 104 may be any read/write storage device (such as a random access memory (RAM) or a non-volatile storage device). Examples of non-volatile storage devices include disk or tape storage devices. The I/O interface 106 is an interface for devices used for data input, data output, or both. Examples of I/O devices connectable to the I/O interface 106 include a keyboard, a mouse, a display (such as a monitor), and a network connection.

[0049] Figure 2 is a component diagram of the malicious encrypted traffic detector 200 according to the embodiment of the present invention. The detector 200 is a software, hardware, or firmware component for monitoring networ...

Abstract

A method for identifying malicious encrypted network traffic associated with a malware software component communicating via a network, the method comprising: defining, for the malware, a portion of network traffic including a plurality of contiguous bytes occurring at a predefined offset in a network communication of the malware; extracting the defined portion of network traffic for each of a plurality of disparate network connections for the malware; evaluating a metric for each byte in each extracted portion; representing each extracted portion in a matrix data structure as an image of pixels wherein each pixel corresponds to a byte of the extracted portion; training a neural network based on the images for the extracted portions such that subsequent network traffic can be classified by the neural network to identify malicious network traffic associated with the malware based on an image generated to represent the defined portion of the subsequent network traffic.
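The steps of the abstract (fixed-offset extraction, per-byte metric, image matrix, training, classification of subsequent traffic) in miniature, as an added example that is not code from the patent or its owner. The offset, portion length, image width, scaled-byte-value metric, benign negative class and the single sigmoid unit standing in for the neural network are all assumptions, and the flows are constructed to be linearly separable.

```python
import math

OFFSET, LENGTH, WIDTH = 4, 16, 4  # assumed: the page gives no concrete offset or size

def extract_portion(payload, offset=OFFSET, length=LENGTH):
    """Contiguous bytes at the predefined offset, or None if the flow is too short."""
    part = payload[offset:offset + length]
    return part if len(part) == length else None

def to_image(portion, width=WIDTH, metric=lambda b: b / 255.0):
    """Row-major matrix, one pixel per byte; metric is assumed (scaled byte value)."""
    if len(portion) % width:
        raise ValueError("portion length must be a multiple of the image width")
    px = [metric(b) for b in portion]
    return [px[i:i + width] for i in range(0, len(px), width)]

def score(model, image):
    """Sigmoid output of the single unit: probability the image matches the profile."""
    w, b = model
    x = [p for row in image for p in row]
    return 1.0 / (1.0 + math.exp(-(b + sum(wi * xi for wi, xi in zip(w, x)))))

def train(images, labels, epochs=2000, lr=0.2):
    """Full-batch gradient descent on one sigmoid unit (assumed stand-in network)."""
    xs = [[p for row in img for p in row] for img in images]
    w, b = [0.0] * len(xs[0]), 0.0
    for _ in range(epochs):
        errs = [score((w, b), img) - y for img, y in zip(images, labels)]
        for j in range(len(w)):
            w[j] -= lr * sum(e * x[j] for e, x in zip(errs, xs)) / len(xs)
        b -= lr * sum(errs) / len(xs)
    return w, b

def learn_profile(malware_flows, benign_flows):
    """Label images (benign class is an assumption), skipping flows that are too short."""
    pairs = [(to_image(p), y) for flows, y in ((malware_flows, 1), (benign_flows, 0))
             for p in map(extract_portion, flows) if p is not None]
    return train([img for img, _ in pairs], [y for _, y in pairs])

def is_malicious(model, payload):
    part = extract_portion(payload)
    return part is not None and score(model, to_image(part)) > 0.5

def flow(header, start):
    """Constructed sample flow: 4-byte header, 16-byte body, 2-byte trailer."""
    return header + bytes(range(start, start + LENGTH)) + b"\x00\x00"

MALWARE = [flow(b"HDR0", s) for s in range(4)]        # constructed, not real traffic
BENIGN = [flow(b"HDR0", s) for s in range(200, 204)]  # constructed, not real traffic
```

Because only the bytes at the fixed offset reach the classifier, a later flow with a different header and trailer but the same portion yields the same image and the same verdict.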

Description

Technical field

[0001] The invention relates to the detection of malicious network transmissions. Specifically, the present invention relates to improved malicious network traffic detection.

Background technique

[0002] Malicious software (also known as computer malicious code or malicious program) is software intended to harm one or more computer systems directly or indirectly. Such harm can be manifested as: the destruction or prevention of the operation of the entire or part of the computer system; access to private, sensitive, secure and/or confidential data, software and/or computing facility resources; or implementation of illegal or deceptive behavior. Malicious programs specifically include: computer viruses, worms, botnets, Trojan horses, spyware, adware, hacker programs, keyloggers, dialers, malicious browser extensions or plug-ins, and rogue security software.

[0003] The spread of malicious programs can occur in many ways. Malicious programs can be delive...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, G06F17/141, G06N3/08, H04L63/0428, H04L63/1441
Inventor: F·艾尔-莫萨, B·阿兹维恩, G·卡洛斯
Owner: BRITISH TELECOMM PLC