
A system and method for detecting encrypted malicious traffic based on deep learning

A deep learning technology applied to an encrypted malicious traffic detection system, which addresses the problems of low practical application value and of having to decrypt encrypted malicious traffic.

Inactive Publication Date: 2018-12-28
SHANGHAI JIAO TONG UNIV

AI Technical Summary

Problems solved by technology

Most existing malicious traffic detection technologies need to analyze the content of the traffic payload, so encrypted traffic must be decrypted before it can be analyzed. In many cases, however, the conditions for decrypting encrypted malicious traffic are not met, so the practical application value of these technologies is not high.

Examples


Embodiment Construction

[0041] The following describes several preferred embodiments of the present invention with reference to the accompanying drawings, so as to make the technical content clearer and easier to understand. The present invention can be embodied in many different forms of embodiments, and the protection scope of the present invention is not limited to the embodiments mentioned herein.

[0042] In the drawings, components with the same structure are denoted by the same numerals, and components with similar structures or functions are denoted by similar numerals. The size and thickness of each component shown in the drawings are shown arbitrarily, and the present invention does not limit the size and thickness of each component. In order to make the illustration clearer, the thickness of parts is appropriately exaggerated in some places in the drawings.

[0043] As shown in Figure 1, this embodiment includes the following modules:

[0044] 1) Website submission module: used to ...


Abstract

The invention discloses a system and a method for detecting encrypted malicious traffic based on deep learning, which relates to the field of computer network security and comprises a website submission module, a traffic analysis and storage module, a core analysis module and a feedback display module. Traffic analysis software parses the PCAP packets into log files, and these log files are then aggregated by IP address. Feature extraction, flow graph generation and domain name extraction are carried out on each aggregated stream. Recognition models are generated using XGBoost, word2vec + LSTM, and CNN, and their results are combined for the final judgment. The invention can judge whether traffic is malicious without knowing the decrypted content of the traffic, so that encrypted malicious traffic can be analyzed.
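The aggregation and extraction steps named in the abstract, sketched as an added example that is not code from the patent: it groups per-session log records by IP address and derives payload-free features plus the domain list for each aggregated stream. The log columns, the choice of client IP as the aggregation key and the feature set are assumptions made for illustration; the model stages are not shown.

```python
from collections import defaultdict
from statistics import mean
# Constructed sample log: one TLS session per line, tab-separated metadata only.
# Column names and values are assumptions for this example, not the patent's format.
FIELDS = ["ts", "src_ip", "dst_ip", "duration", "bytes_out", "bytes_in", "tls", "sni"]
SAMPLE_LOG = """\
1.0\t10.0.0.5\t203.0.113.7\t0.40\t512\t300\tTLSv10\tqzxkvbtr.example
61.0\t10.0.0.5\t203.0.113.7\t0.42\t520\t310\tTLSv10\tqzxkvbtr.example
121.0\t10.0.0.5\t203.0.113.7\t0.41\t515\t305\tTLSv10\twpmfhdly.example
5.0\t10.0.0.9\t198.51.100.20\t12.50\t2400\t96000\tTLSv12\twww.example.org
"""

def parse_log(text):
    """Turn log lines into typed records; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        try:
            rec["ts"], rec["duration"] = float(rec["ts"]), float(rec["duration"])
            rec["bytes_out"], rec["bytes_in"] = int(rec["bytes_out"]), int(rec["bytes_in"])
        except ValueError:
            continue
        records.append(rec)
    return records

def aggregate_by_ip(records):
    """Group sessions by client IP (the aggregation key is an assumption)."""
    streams = defaultdict(list)
    for rec in records:
        streams[rec["src_ip"]].append(rec)
    return dict(streams)

def extract_features(stream):
    """Payload-free features and the domain list for one aggregated stream."""
    stream = sorted(stream, key=lambda r: r["ts"])
    gaps = [b["ts"] - a["ts"] for a, b in zip(stream, stream[1:])]
    total_in = sum(r["bytes_in"] for r in stream)
    return {
        "sessions": len(stream),
        "mean_duration": round(mean(r["duration"] for r in stream), 3),
        "out_in_ratio": round(sum(r["bytes_out"] for r in stream) / max(total_in, 1), 3),
        "mean_gap": round(mean(gaps), 3) if gaps else 0.0,  # seconds between sessions
        "old_tls_fraction": sum(r["tls"] in ("SSLv3", "TLSv10") for r in stream) / len(stream),
        "domains": sorted({r["sni"] for r in stream if r["sni"] != "-"}),
    }

def build_dataset(text):
    return {ip: extract_features(s) for ip, s in aggregate_by_ip(parse_log(text)).items()}
```

The numeric fields would feed a tabular model and the `domains` list a sequence model, matching the separate model branches the abstract lists.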

Description

Technical field

[0001] The invention relates to the field of computer network security, in particular to a system and method for detecting encrypted malicious traffic based on deep learning.

Background technique

[0002] The SSL secure socket layer protocol provides a data security mechanism between the application layer and the transport layer, establishes a secure channel between the client and the server, encrypts and hides data, and ensures that the data is not changed during transmission [1]. The SSL protocol has completed the encryption algorithm and key negotiation before the application layer protocol communication, and the data transmitted after that will be encrypted to ensure the privacy of the communication.

[0003] HTTPS encrypted malicious traffic uses the SSL encryption protocol during traffic transmission to avoid common traffic analysis techniques and bring new challenges to encrypted traffic detection. Most of the existing malicious traffic detection tech...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1441
Inventor: 邹福泰, 许文亮, 马志远, 高逸飞, 李林森
Owner: SHANGHAI JIAO TONG UNIV