A detection method for obfuscated-openssh protocol traffic

A detection method and protocol technology, applied in the fields of instruments, computing, electrical components, etc., that solves the problem that the Obfuscated-Openssh protocol cannot be effectively identified, provides reliable detection results, and overcomes a high false alarm rate.

Active Publication Date: 2021-08-03
NANJING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

Because the traffic is encrypted, traditional network monitoring methods cannot effectively identify the Obfuscated-Openssh protocol, and research on Obfuscated-Openssh protocol identification technology has become an urgent need for cyberspace governance.
However, there is currently no public literature proposing a detection method for Obfuscated-Openssh protocol traffic.

Examples


Embodiment 1

[0040] In order to verify the effectiveness of the solution of the present invention, the following simulation experiments are carried out.

[0041] In this embodiment of the detection method for the Obfuscated-Openssh protocol, the training sample traffic and the sample traffic to be tested are first captured and the relevant features of each are extracted. The normal data is used as the training data and the data to be tested as the test data, and both are input into the Bayesian classifier (the training samples and the samples to be tested may be processed in any order). The specific process is as follows:

[0042] Step 1: Capture Obfuscated-Openssh protocol traffic and non-Obfuscated-Openssh protocol traffic, and generate the training sample data set S_train;

[0043] Step 2: Group the training sample data set S_train into flows according to the TCP five-tuple, and label the training sample category of each TCP data flow, labeling the Obfuscated-Openssh protocol TCP data flow category as ob...

Abstract

The invention discloses a detection method for Obfuscated-Openssh protocol traffic. Training sample traffic and detection sample traffic are captured. The training sample traffic is grouped into flows according to the TCP five-tuple, the relevant features of each training-sample TCP data flow are extracted and input into a Bayesian classifier, and training produces a classification model. The detection sample traffic is likewise grouped into flows according to the TCP five-tuple, the corresponding features of each TCP data flow are extracted and input into the classification model, and the classification model judges whether the detection sample traffic is Obfuscated-Openssh protocol traffic. By using multi-feature detection on TCP data flows, the invention effectively overcomes the high false alarm rate caused by relying on a single feature and provides reliable detection results.
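The pipeline the abstract describes, as an added example that is not taken from the patent: packets are grouped into flows by TCP five-tuple, per-flow features are extracted, and a Gaussian naive Bayes model is trained and then applied to unseen flows. The two features, the label names and all sample traffic are assumptions constructed for the example, since the page does not list the patent's features.

```python
import hashlib, math
from collections import Counter, defaultdict

def flows_by_five_tuple(packets):
    """Group (src, sport, dst, dport, proto, payload) packets into bidirectional flows."""
    flows = defaultdict(list)
    for src, sport, dst, dport, proto, payload in packets:
        a, b = sorted([(src, sport), (dst, dport)])  # same key for both directions
        flows[(a, b, proto)].append(payload)
    return flows

def features(payloads):
    """ASSUMED features (the page does not list the patent's): entropy, printable ratio."""
    first = next((p for p in payloads if p), b"\x00")  # first non-empty payload
    n = len(first)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(first).values())
    return [entropy, sum(32 <= b < 127 for b in first) / n]
def flow_features(packets):
    return {key: features(p) for key, p in flows_by_five_tuple(packets).items()}

def train(samples):
    """Gaussian naive Bayes: per-class prior, feature means and (floored) variances."""
    by_label = defaultdict(list)
    for vec, label in samples:
        by_label[label].append(vec)
    model = {}
    for label, vecs in by_label.items():
        cols = list(zip(*vecs))
        means = [sum(c) / len(c) for c in cols]
        var = [sum((x - m) ** 2 for x in c) / len(c) + 1e-2 for c, m in zip(cols, means)]
        model[label] = (len(vecs) / len(samples), means, var)
    return model

def classify(model, vec):
    def log_posterior(prior, means, var):
        return math.log(prior) + sum(-0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
                                     for x, m, v in zip(vec, means, var))
    return max(model, key=lambda label: log_posterior(*model[label]))

def noise(seed, n=128):  # constructed stand-in for an encrypted first message
    return b"".join(hashlib.sha256(bytes([seed, i])).digest() for i in range(n // 32))
def flow(port, payload):  # constructed flow: client data, then an empty ACK coming back
    return [("10.0.0.5", port, "10.0.0.9", 22, "tcp", payload),
            ("10.0.0.9", 22, "10.0.0.5", port, "tcp", b"")]
# Constructed S_train; the label names "obfuscated"/"other" are hypothetical.
PLAIN = [b"SSH-2.0-OpenSSH_8.4\r\n", b"GET / HTTP/1.1\r\nHost: a.test\r\n\r\n", b"EHLO c.test\r\n"]
CAPTURES = [(flow(40000 + s, noise(s)), "obfuscated") for s in (1, 2, 3)] + \
           [(flow(41000 + i, p), "other") for i, p in enumerate(PLAIN)]
MODEL = train([(v, lbl) for pkts, lbl in CAPTURES for v in flow_features(pkts).values()])
```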

Description

Technical field

[0001] The invention relates to network and information security technology, in particular to a detection method for Obfuscated-Openssh protocol traffic.

Background technique

[0002] In recent years, our country's Internet industry has developed rapidly. However, the rapid development of the Internet is a double-edged sword: it provides users with faster and more efficient services, but it has also exposed a surge of serious security problems. For example, unencrypted data exchanged between the two parties to a network communication is illegally stolen, and parties that communicate without identity authentication are maliciously remotely controlled. This series of prominent problems, the illegal theft of and tampering with private information, has promoted the widespread use of application-layer encryption security protocols and their applications.

[0003] The Obfuscated-Openssh protocol is one of the representatives of secure encr...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1408, H04L63/168, G06F18/24155
Inventor 刘光杰怡暾刘伟伟
Owner NANJING UNIV OF SCI & TECH