
Detection method for Obfuscated-Openssh protocol traffic

A traffic detection method, applied in the field of network and information security, that addresses the inability to effectively identify the Obfuscated-Openssh protocol, gives reliable detection results, and overcomes the problem of a high false alarm rate.

Active Publication Date: 2019-03-29
NANJING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

Because the traffic is encrypted, traditional network monitoring methods cannot effectively identify the Obfuscated-Openssh protocol, and research on Obfuscated-Openssh protocol identification technology has become an urgent need for cyberspace governance.
However, there is currently no public literature proposing a detection method for Obfuscated-Openssh protocol traffic.


Examples


Embodiment 1

[0040] In order to verify the effectiveness of the solution of the present invention, the following simulation experiments are carried out.

[0041] In this embodiment of the detection method for the Obfuscated-Openssh protocol, the training sample traffic and the sample traffic to be tested are first captured and the relevant features of each are extracted. The normal data is used as the training data and the data to be tested as the test data, and both are input into the Bayesian classifier (the training samples and the samples to be tested may be processed in any order). The specific process is as follows:

[0042] Step 1: Capture Obfuscated-Openssh protocol traffic and non-Obfuscated-Openssh protocol traffic to generate the training sample data set $S_{train}$;

[0043] Step 2: Split the training sample data set $S_{train}$ into flows according to the TCP quintuple, and label the training samples per TCP data flow, marking the Obfuscated-Openssh protocol TCP data flow category as ob...


Abstract

The invention discloses a detection method for Obfuscated-Openssh protocol traffic, which comprises the steps of: capturing training sample traffic and detection sample traffic; splitting the training sample traffic into flows according to the TCP quintuple, extracting the relevant features of each training sample TCP data flow, and inputting them into a Bayes classifier to train a classification model; and splitting the detection sample traffic into flows according to the TCP quintuple, extracting the corresponding features of each TCP data flow of the detection sample traffic, and inputting them into the classification model, which judges whether the detection sample traffic is Obfuscated-Openssh protocol traffic. By using multiple features of the TCP data flow, the detection method effectively solves the problem of the high false alarm rate caused by relying on a single feature and gives a reliable detection result.
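The pipeline the abstract describes, as an added sketch that is not code from the patent: traffic is split into flows by TCP 5-tuple, features are extracted per flow, and a Bayes classifier is trained and applied. The Gaussian naive Bayes variant, the two features (first-payload entropy and mean payload length) and all sample traffic are assumptions constructed for illustration; the page does not list the patent's own features.

```python
import hashlib, math
from collections import Counter, defaultdict

def split_flows(packets):
    """Group packets into bidirectional flows keyed by the TCP 5-tuple."""
    flows = defaultdict(list)
    for src, sport, dst, dport, proto, payload in packets:
        ends = tuple(sorted([(src, sport), (dst, dport)]))
        flows[ends + (proto,)].append(payload)
    return dict(flows)

def entropy(data):  # Shannon entropy in bits per byte
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def features(payloads):
    # Assumed features, not the patent's: first-payload entropy, mean payload length.
    return [entropy(payloads[0]), sum(map(len, payloads)) / len(payloads)]

def train(samples):
    """Gaussian naive Bayes: per-class prior, feature means and floored variances."""
    model = {}
    for label in {y for _, y in samples}:
        xs = [x for x, y in samples if y == label]
        means = [sum(col) / len(xs) for col in zip(*xs)]
        var = [sum((v - m) ** 2 for v in col) / len(xs) + 1e-2 for col, m in zip(zip(*xs), means)]
        model[label] = (len(xs) / len(samples), means, var)
    return model

def classify(model, x):
    def score(prior, means, var):  # log prior + sum of Gaussian log-likelihoods
        return math.log(prior) + sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
                                     for xi, m, v in zip(x, means, var))
    return max(model, key=lambda label: score(*model[label]))

def predict(model, packets):
    return [classify(model, features(p)) for p in split_flows(packets).values()]

def noise(seed, blocks):  # constructed high-entropy bytes standing in for an obfuscated handshake
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(blocks))
def flow(i, first, reply):  # constructed two-packet flow: client 10.0.0.i <-> server 10.0.1.1:22
    c, s = ("10.0.0.%d" % i, 40000 + i), ("10.0.1.1", 22)
    return [(*c, *s, "tcp", first), (*s, *c, "tcp", reply)]

CLEAR = [b"SSH-2.0-OpenSSH_7.4\r\n", b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n",
         b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", b"EHLO mail.example.test\r\n"]
OBF_TRAIN = [pkt for i in range(1, 5) for pkt in flow(i, noise(i, 3 + i), noise(i + 50, 3))]
OTHER_TRAIN = [pkt for i, p in enumerate(CLEAR) for pkt in flow(10 + i, p, b"220 ready\r\n")]
MODEL = train([(features(f), "obfuscated") for f in split_flows(OBF_TRAIN).values()]
              + [(features(f), "other") for f in split_flows(OTHER_TRAIN).values()])
```

`predict(MODEL, packets)` returns one label per flow in capture order. A real deployment would replace the constructed traffic with labelled captures and use the feature set the patent specifies.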

Description

Technical field

[0001] The invention relates to network and information security technology, in particular to a detection method for Obfuscated-Openssh protocol traffic.

Background technique

[0002] In recent years, China's Internet industry has developed rapidly. However, the rapid development of the Internet is a double-edged sword. It provides users with faster and more efficient services, but it has also exposed serious security problems at an explosive rate. For example, unencrypted data exchanged between the two parties in a network communication is illegally stolen, and parties that communicate without identity authentication are maliciously remotely controlled. This series of prominent problems of illegal theft of and tampering with private information has promoted the widespread use of application-layer encryption security protocols and their applications.

[0003] The Obfuscated-Openssh protocol is one of the representatives of secure encr...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1408, H04L63/168, G06F18/24155
Inventor: 怡暾郑田宇刘光杰刘伟伟方俊高博
Owner: NANJING UNIV OF SCI & TECH