Detection method and system for HTTP malicious traffic

A malicious traffic detection technology, applied in the field of network communication. It solves the problems of inapplicability to big-data traffic detection scenarios, poor interpretability of deep learning, and failure to work, with the effect of reducing the time cost of traffic analysis, improving detection efficiency, and reducing model false positives.

Active Publication Date: 2019-07-02
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT

AI Technical Summary

Problems solved by technology

This method detects quickly, but its pattern is fixed and single: the quality of the detection results depends entirely on the WAF regular expressions, and it can only detect known network attack methods. For attack methods that add obfuscated code or unknown Attac


Embodiment Construction

[0060] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in further detail below in conjunction with specific embodiments and with reference to the accompanying drawings.

[0061] It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used to distinguish two entities with the same name that are not the same, or two parameters that are not the same. "First" and "second" are used only for convenience of expression and should not be construed as limiting the embodiments of the present invention; this will not be repeated in the subsequent embodiments.

[0062] Figure 1 is a flowchart of a method for detecting malicious HTTP traffic provided by an embodiment of the present invention. As shown in Figure 1, the method provided by the embodiment of the present invention can be based on the open source big data analysi...


Abstract

The invention discloses a detection method and system for malicious HTTP traffic. The method comprises the following steps: capturing network traffic data and preprocessing it to obtain formatted data corresponding to each HTTP request; performing feature extraction on the formatted data to obtain text vector features for each piece of formatted data; classifying the text vector features with a pre-trained malicious traffic detection model to detect malicious HTTP requests; clustering the malicious HTTP requests with a similar-attack clustering algorithm to obtain clusters; and analyzing the clusters to obtain malicious attack information for the malicious HTTP requests. The method uses the Spark big data analysis engine for feature extraction and conversion of the traffic data and uses machine learning and clustering algorithms to mine malicious traffic, which improves the detection accuracy for malicious network traffic and reduces the traffic analysis time cost for security analysts.
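The stages named in the abstract (preprocess, vectorize, classify, cluster) can be walked through on a few requests. This is an added example, not code from the patent or its owner: the page does not name the features, the model or the clustering algorithm, so token counts, multinomial Naive Bayes and a cosine-similarity threshold are assumptions, it runs in plain Python rather than Spark, and all requests are constructed.

```python
import math
import re
from collections import Counter
from urllib.parse import unquote_plus

def features(raw):
    """Preprocess one raw request; assumed features: token counts of the decoded request line."""
    method, target = raw.split("\r\n", 1)[0].split(" ")[:2]
    text = (method + " " + unquote_plus(target)).lower()
    return Counter(re.findall(r"[a-z]+|\d+|[^\sa-z\d]", text))

def train(samples):
    """Assumed model: multinomial Naive Bayes over (raw_request, label); label 1 = malicious."""
    counts, docs = {0: Counter(), 1: Counter()}, Counter()
    for raw, label in samples:
        counts[label].update(features(raw))
        docs[label] += 1
    return counts, docs, len(set(counts[0]) | set(counts[1]))

def is_malicious(model, raw):
    counts, docs, vocab_size = model
    vec, score = features(raw), {}
    for label in (0, 1):
        total = sum(counts[label].values()) + vocab_size  # Laplace smoothing
        score[label] = math.log(docs[label] / sum(docs.values())) + sum(
            n * math.log((counts[label][t] + 1) / total) for t, n in vec.items())
    return score[1] > score[0]

def cosine(a, b):
    dot = sum(n * b[t] for t, n in a.items())
    return dot / math.sqrt(sum(n * n for n in a.values()) * sum(n * n for n in b.values()))

def detect_and_cluster(model, captured, threshold=0.6):
    """Keep flagged requests; assumed clustering: join the first cluster whose seed is similar."""
    clusters = []  # each entry: (seed vector, member requests)
    for raw in (r for r in captured if is_malicious(model, r)):
        vec = features(raw)
        home = next((m for seed, m in clusters if cosine(vec, seed) >= threshold), None)
        if home is None:
            home = []
            clusters.append((vec, home))
        home.append(raw)
    return [members for _, members in clusters]

# Constructed training targets; a real model would be trained on labelled captured traffic.
BENIGN = ["/index.html", "/search?q=shoes", "/item?id=42", "/login?user=alice"]
MALICIOUS = ["/item?id=1%27%20or%201%3D1--", "/item?id=2%20union%20select%20null",
             "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", "/page?f=../../etc/passwd"]
MODEL = train([(f"GET {t} HTTP/1.1", int(t in MALICIOUS)) for t in BENIGN + MALICIOUS])
```

Calling `detect_and_cluster(MODEL, requests)` on a mixed list returns one list per attack family, so an analyst reviews a cluster rather than every flagged request.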

Description

Technical field

[0001] The invention relates to the technical field of network communication, in particular to a method and system for detecting malicious traffic of HTTP (Hyper Text Transfer Protocol, hypertext transfer protocol).

Background technique

[0002] In recent years, with the rapid development of Internet applications, the network scale of the Internet has shown an unprecedented expansion trend, and the complexity of the network has become higher and higher. While the Internet brings convenient services to the vast number of users, the accompanying network security problems are becoming more and more serious. Incidents such as arbitrary theft and modification of user information frequently occur during network data transmission, which has drawn widespread attention to network security issues.

[0003] Malicious traffic identification is an important method in network supervision. Using network traffic analysis to identify and classify malicious traffic has become...


Application Information

IPC(8): G06F16/35, G06F17/27, H04L29/06, H04L29/08
CPC: H04L63/1416, H04L67/02, G06F40/216, G06F40/284
Inventor 周昊张帅吕志泉董云飞朱天陈阳饶毓徐娜严寒冰丁丽张华常霞狄少嘉徐原温森浩王庆李世淙徐剑李志辉姚力朱芸茜郭晶胡俊王小群何能强李挺王适文肖崇蕙贾子骁韩志辉马莉雅张宇鹏雷君高川周彧吕卓航楼书逸文静贾世琳
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT