Unlock instant, AI-driven research and patent intelligence for your innovation.

Malicious encryption traffic analysis feature extraction method based on data packet timing sequence

A feature extraction and traffic analysis technology, which is applied in the field of network security and user privacy, can solve the problems that the technology has not been widely used, and the feature selection and extraction of malicious encrypted traffic analysis have not been widely studied, so as to save time and space costs, The effect of improving accuracy

Inactive Publication Date: 2019-03-15
XI AN JIAOTONG UNIV
View PDF5 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

It can be seen that the feature selection and extraction of malicious encrypted traffic analysis has not been extensively studied, and related technologies have not been widely used.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Malicious encryption traffic analysis feature extraction method based on data packet timing sequence
  • Malicious encryption traffic analysis feature extraction method based on data packet timing sequence

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] The present invention is further described below in conjunction with accompanying drawing:

[0029] see figure 1 , a method for feature extraction of malicious encrypted traffic analysis based on data packet timing, comprising the following steps:

[0030] Step 1, given the preprocessed encrypted traffic captured from any encrypted network, specifically the data packet sequence;

[0031] Now the sequence of packets to access a website is as follows:

[0032] ('gorgon.youdao.com','202.117.43.76'):[[[1512460671.746477,+62],[1512460671.74654, -62],[1512460671.827178,+296],[1512460672.111997,-1506],[1512460672.201402,- 1124], [1512460672.276805,+180],[1512460672.367518,-296],[1512460672.455021,+778]]]

[0033] The domain name and IP in front represent the address to be accessed, and the content in the back is the time and size sequence of the data packet, in the form of: [time stamp, data packet size]. Among them, "+" indicates the direction of sending data packets, and...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a malicious encryption traffic analysis feature extraction method based on a data packet timing sequence. On the premise of giving any data packet timing sequence, all characteristics of a timing sequence characteristic of the data packet sequence can be effectively extracted and described, which form an important part directly used as a characteristic group for training a classification model. The method in the invention can advantageously improve the recognition accuracy of a website fingerprint recognition technology; moreover, the time and spatial costs consumed during constructing the classification model are saved; and an illegal online behavior of the user can be monitored more effectively.

Description

technical field [0001] The invention belongs to the field of network security and user privacy, in particular to a method for extracting characteristics of malicious encrypted traffic analysis based on data packet timing. Background technique [0002] In recent years, with the rapid development of the Internet, the network has been closely integrated into our production and life, and network security has become an issue that cannot be ignored. In daily life, people's awareness of network security has gradually increased, and more and more users and enterprises have begun to pay attention to the protection and safe transmission of information. The network behavior recognition technology based on malicious encrypted traffic can be used to realize the security supervision of the network, especially the supervision of illegal business and bad information, such as human trafficking, prostitution and gambling, arms trading and so on. Malicious encrypted traffic analysis can analy...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0428H04L63/1416
Inventor 马小博安冰玉师马玮焦洪山彭嘉豪赵延康李剑锋毛蔚轩
Owner XI AN JIAOTONG UNIV