Malicious encrypted network traffic identification using fourier transform

A technology of Fourier transform and network flow, which is applied in the detection field of malicious network transmission, and can solve problems such as the incorrect operation of the automatic malicious program detection system

Active Publication Date: 2018-01-30
BRITISH TELECOMM PLC
View PDF5 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] Bestuzhev highlights that malicious programs can be sent in encrypted form, causing existing automatic malware detection systems to work incorrectly ((Bestuzhev, 2010, www.securelist.com/en/blog/208193235/Stegan

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious encrypted network traffic identification using fourier transform
  • Malicious encrypted network traffic identification using fourier transform
  • Malicious encrypted network traffic identification using fourier transform

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0052] figure 1 is a block diagram of a computer system suitable for operation of embodiments of the invention. Central processing unit (CPU) 102 is communicatively connected to storage 104 and input / output (I / O) interface 106 via data bus 108 . The storage section 104 may be any read / write storage device such as a random access memory (RAM) or a non-volatile storage device. Examples of non-volatile storage devices include magnetic disk or tape storage devices. The I / O interface 106 is an interface to a device for data input or data output, or both. Examples of I / O devices connectable to I / O interface 106 include keyboards, mice, displays (such as monitors), and network connections.

[0053] figure 2 is a component diagram of a malicious encrypted traffic detector 200 according to an embodiment of the present invention. Detector 200 is a software, hardware, or firmware component for monitoring network traffic communicated over computer network 202 and for generating mali...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A method for identifying malicious encrypted network traffic communicated via a network between a first and second computer system, the method comprising: monitoring network traffic over the network to detect a network connection as a new network connection; identifying characteristics of the network connection to determine a protocol of the network connection; retrieving a definition of a portionof network traffic for a network connection based on the determined protocol; evaluating Fourier transform coefficient values for each of a plurality of bytes in a portion of network traffic of the new network connection based on the retrieved definition; and comparing the evaluated coefficient values with a dictionary of one or more reference sets of coefficients, each of the one or more reference sets of coefficients being associated with a portion of network traffic of a malicious encrypted network connection, so as to determine if malicious encrypted network traffic is communicated over the network connection.

Description

technical field [0001] The present invention relates to the detection of malicious network transmissions. In particular, the present invention relates to improved detection of malicious network traffic. Background technique [0002] Malware (also known as malicious computer code or malicious programs) is software intended to cause normal direct or indirect harm to one or more computer systems. Such harm may manifest itself as: disrupting or preventing the operation of all or part of a computer system; accessing private, sensitive, secure, and / or confidential data, software, and / or computing facility resources; or committing illegal, Illegal or Deceptive Practices. Malicious programs specifically include: computer viruses, worms, botnets, Trojan horses, spyware, adware, hacking programs, keyloggers, dialers, malicious browser extensions or plug-ins, and rogue security software. [0003] Malicious program proliferation can occur in many ways. Malicious programs can be deli...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/0428H04L63/1416G06F17/141H04L63/1425H04L63/1441
Inventor B·阿兹维恩F·艾尔-莫萨G·卡洛斯
Owner BRITISH TELECOMM PLC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap