
Unsupervised encrypted malicious flow detection method and apparatus, device and medium

A malicious traffic detection technology, classified under instruments, character and pattern recognition, and electrical components, which addresses the problems of inaccurate detection models, an insufficient number of samples and poor detection of new attack samples, and achieves efficient detection of encrypted malicious traffic.

Active Publication Date: 2019-03-19
极客信安(成都)科技有限公司

Problems solved by technology

[0006] (1) Model training relies on a large number of black (malicious) samples; an insufficient number of samples may lead to an inaccurate trained detection model;
[0007] (2) Traffic features are analyzed and extracted on the basis of expert knowledge; if the expert experience is unreliable, the final classification results may have serious problems;
[0008] (3) Because detection is based on previous experience and knowledge, the ability to detect new attack samples is relatively poor.


Examples

Embodiment 2

[0104] As shown in Figure 3, in a second aspect the present disclosure provides an unsupervised encrypted malicious traffic detection device comprising a data collection unit 301, a construction unit 302, an initial clustering unit 303, a vectorization unit 304, a re-clustering unit 305 and a determination unit 306. Specifically:

[0105] The data collection unit 301 is configured to collect the required data feature set from network traffic;

[0106] The construction unit 302 is configured to use the collected data feature set to build a bipartite graph between clients and servers;

[0107] The initial clustering unit 303 is configured to perform initial clustering of the client and server nodes by a graph segmentation method;

[0108] The vectorization unit 304 is configured to vectorize the client and server nodes of the larger connected subgraphs obtained by the initial clustering;

[0109] The re-clustering unit 305 uses the DBScan algorithm to re-cluster the vectorized da...

Embodiment 3

[0112] The present disclosure provides a computer-readable storage medium storing computer program instructions which, when invoked and executed by a processor, implement any of the method steps of the first aspect.

[0113] The present disclosure uses a graph-based unsupervised learning model to detect encrypted traffic directly, without prior knowledge or a labeled sample set: different families (clusters) are obtained by bisecting the graph, large families are split into small ones, and malicious traffic is then identified separately by inspecting traffic characteristics. The method is simple and easy to operate, and can efficiently detect encrypted malicious traffic.

Embodiment 4

[0115] As shown in Figure 4, the present disclosure provides an electronic device comprising a processor and a memory; the memory stores computer program instructions executable by the processor, and when the processor executes them, any of the method steps of the first aspect is implemented.

[0116] Reference is now made to Figure 4, which shows a schematic structural diagram of an electronic device 400 suitable for implementing embodiments of the present disclosure. Terminal equipment in embodiments of the present disclosure may include, but is not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players) and vehicle terminals (such as car navigation terminals), and fixed terminals such as digital TVs and desktop computers. The electronic device illustrated in Figure 4 is only an example...


Abstract

Embodiments of the invention provide an unsupervised encrypted malicious flow detection method and apparatus, a device and a medium. The method comprises the following steps: a needed data feature set is collected based on network flow; a bipartite graph between clients and servers is built by utilizing the collected data feature set; primary clustering is carried out on client and server nodes through a graph segmentation method; vectorization processing is carried out on the client and server nodes in a relatively large connected sub-graph in the primary clustering; the vectorized data is clustered again by using a DBScan algorithm; and malicious flow and nodes are judged by utilizing the clustering result after re-clustering. By utilizing a graph-based unsupervised learning model, encrypted flow can be directly detected without prior knowledge or a labeled sample set; different types of clusters are obtained by carrying out binary segmentation on the graph; a large cluster is converted into small clusters; and the malicious flow is identified by performing a check through flow characteristics. The method is simple and easy to operate.
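The pipeline the abstract describes, as an added example that is not the patent's code: constructed flow records are aggregated into a client/server bipartite graph, the graph is split into connected subgraphs (standing in for the patent's graph segmentation step), the nodes of each sufficiently large subgraph are vectorized and re-clustered with a minimal DBSCAN, and client/server pairs whose both endpoints fall outside every dense cluster are then checked against their flow characteristics. The feature set (bytes in each direction, duration, flow count), the log/min-max scaling, the `eps`/`min_samples` values, the component-size threshold and the final fixed-size check are assumptions of this example, not details taken from the patent.

```python
import math
from collections import defaultdict

# Constructed sample, not real traffic: (client, server, bytes client->server, bytes server->client, seconds).
FLOWS = [
    ("c1", "s_web1", 1200, 48000, 2.1), ("c1", "s_mail2", 3000, 9000, 1.2),
    ("c2", "s_web2", 1100, 51000, 1.9), ("c2", "s_mail3", 2800, 8700, 1.1),
    ("c3", "s_web3", 1300, 47000, 2.4), ("c3", "s_mail1", 3100, 9400, 1.3),
    ("c4", "s_web1", 900, 52000, 2.0), ("c4", "s_mail1", 2900, 9100, 1.2),
    ("c5", "s_web2", 1000, 49000, 2.2), ("c5", "s_mail2", 3050, 9300, 1.25),
    ("c6", "s_web3", 1150, 50000, 2.0), ("c6", "s_mail3", 2950, 8900, 1.15),
    # c4 additionally makes repeated, fixed-size, very short exchanges with a server nobody else contacts
    ("c4", "s_c2", 64, 64, 0.05), ("c4", "s_c2", 64, 64, 0.05),
    ("c4", "s_c2", 64, 64, 0.05), ("c4", "s_c2", 64, 64, 0.05),
    # an isolated pair forms its own tiny connected subgraph and is left out of vectorization
    ("c9", "s_print", 500, 700, 0.8),
]

def build_bipartite_graph(flows):
    """Nodes are ('client', ip) and ('server', ip); an edge joins them when at least one flow does."""
    adj = defaultdict(set)
    for c, s, *_ in flows:
        adj[("client", c)].add(("server", s))
        adj[("server", s)].add(("client", c))
    return adj

def connected_components(adj):
    """Initial clustering: split the bipartite graph into its connected subgraphs (iterative DFS)."""
    seen, comps = set(), []
    for start in adj:
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            n = stack.pop()
            if n not in comp:
                comp.add(n)
                stack.extend(adj[n])
        seen |= comp
        comps.append(comp)
    return comps

def vectorize(nodes, flows):
    """Per-node vector (assumed feature set): log1p(mean bytes out), log1p(mean bytes in), mean duration,
    log1p(flow count), each min-max scaled over the given nodes so no single feature dominates the distance."""
    raw = {}
    for role, ip in nodes:
        fs = [f for f in flows if f[0 if role == "client" else 1] == ip]
        k = len(fs)
        raw[(role, ip)] = [math.log1p(sum(f[2] for f in fs) / k), math.log1p(sum(f[3] for f in fs) / k),
                           sum(f[4] for f in fs) / k, math.log1p(k)]
    lo = [min(v[d] for v in raw.values()) for d in range(4)]
    hi = [max(v[d] for v in raw.values()) for d in range(4)]
    return {n: [(v[d] - lo[d]) / (hi[d] - lo[d]) if hi[d] > lo[d] else 0.0 for d in range(4)]
            for n, v in raw.items()}

def dbscan(points, eps, min_samples):
    """Minimal Euclidean DBSCAN: returns node -> cluster id, with -1 marking noise (outliers)."""
    names = list(points)
    neighbors = lambda p: [q for q in names if math.dist(points[p], points[q]) <= eps]  # includes p
    labels, cluster = {}, 0
    for p in names:
        if p in labels:
            continue
        nb = neighbors(p)
        if len(nb) < min_samples:
            labels[p] = -1  # provisional noise; may still be absorbed later as a border point
            continue
        labels[p] = cluster
        seeds = [q for q in nb if q != p]
        while seeds:
            q = seeds.pop()
            if labels.get(q) == -1:
                labels[q] = cluster  # border point reached from a core point
            elif q not in labels:
                labels[q] = cluster
                qnb = neighbors(q)
                if len(qnb) >= min_samples:  # q is itself a core point: keep expanding through it
                    seeds.extend(qnb)
        cluster += 1
    return labels

def detect(flows, eps=0.4, min_samples=3, min_component=4):
    """Whole pipeline: outlier nodes, plus client/server pairs whose both endpoints are outliers."""
    suspicious, skipped = set(), []
    for comp in connected_components(build_bipartite_graph(flows)):
        if len(comp) < min_component:  # tiny subgraphs carry too little structure to re-cluster
            skipped.append(frozenset(comp))
            continue
        for role in ("client", "server"):  # re-cluster clients and servers separately
            labels = dbscan(vectorize([n for n in comp if n[0] == role], flows), eps, min_samples)
            suspicious |= {n for n, lab in labels.items() if lab == -1}
    pairs = {(c, s) for c, s, *_ in flows if ("client", c) in suspicious and ("server", s) in suspicious}
    return {"suspicious_nodes": suspicious, "suspicious_pairs": pairs, "skipped_components": skipped}

def inspect_pair(flows, client, server):
    """Final check on a flagged pair by flow characteristics: flow count and whether sizes never vary."""
    fs = [f for f in flows if f[0] == client and f[1] == server]
    sizes = [f[2] + f[3] for f in fs]
    return {"flows": len(fs), "fixed_size": len(fs) > 1 and len(set(sizes)) == 1,
            "mean_duration": sum(f[4] for f in fs) / len(fs)}

if __name__ == "__main__":
    report = detect(FLOWS)
    for c, s in sorted(report["suspicious_pairs"]):
        print(f"{c} -> {s}: {inspect_pair(FLOWS, c, s)}")
```

On the constructed sample the benign clients form one dense cluster and the web and mail servers form two more, while `c4` (whose aggregate profile is skewed by its extra short flows) and `s_c2` (contacted by a single client with tiny fixed-size exchanges) are left as DBSCAN noise; only the `c4`/`s_c2` pair has both endpoints outside every cluster, and the final check confirms its flows never vary in size. The separate `c9`/`s_print` component is too small to vectorize and is reported as skipped rather than silently dropped.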

Description

Technical field

[0001] The present disclosure relates to the technical field of traffic data detection, and in particular to an unsupervised encrypted malicious traffic detection method, device, electronic equipment and storage medium.

Background

[0002] Network communication is an information application that almost all enterprises and individuals are involved in. As enterprises and individual users pay more and more attention to information security, encryption is used in more and more network communication scenarios: through encryption, the communication content cannot be read by anyone on the network other than the communicating parties.

[0003] At the same time, when malicious programs such as network Trojan horses and worms communicate with their control terminal, they often use encrypted traffic in order to evade identification by network detection equipment. This causes the problem that n...


Application Information

IPC(8): H04L29/06; G06K9/62
CPC: H04L63/14; G06F18/23213
Inventor 江斌
Owner 极客信安(成都)科技有限公司