Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Agent user detection method based on communication behavior portrait

A detection method and user technology, applied in the field of network security, can solve problems such as low versatility, high detection false alarm rate, performance loss, etc., and achieve the effect of strengthening security defense, low detection false alarm rate, and high versatility

Active Publication Date: 2019-09-10
SICHUAN UNIV
View PDF10 Cites 4 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The existing research difficulties mainly include: (1) Proxy detection based on data packet analysis has low versatility and is only suitable for Web proxies and PHP proxies with obvious marks in the data packets, and the established rule base cannot adapt to the requirements of proxy services. Dynamic update; (2) Proxy detection based on data packet analysis cannot meet the data scale in the current big data network environment, and packet-by-packet analysis at the network egress will cause a large amount of resource occupation and performance loss; (3) Based on The proxy detection method of network traffic files uses machine learning algorithms for automatic proxy traffic identification, which is highly dependent on the feature space. communication detection, but the detection false positive rate is high; (4) the current existing proxy detection method only detects proxy traffic, and does not care about the client and network users behind the traffic, but for the internal security defense of the organization, the proxy user It is particularly important to discover proxy users in a timely manner to eliminate potential threats within the organization and strengthen internal network asset protection and security supervision.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Agent user detection method based on communication behavior portrait
  • Agent user detection method based on communication behavior portrait
  • Agent user detection method based on communication behavior portrait

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. The method of the invention introduces the portrait technology into network behavior analysis, and conducts differentiation research and feature extraction between network objects from the perspective of portraits. Define the portrait target object as O, O={label 1 , label 2 ... label n},n≥1, where label={pf 1 , pf 2 ...pf m}, m≥1, pf represents the image feature. That is to say, any analysis object can be represented by a combination of a series of labels, and each type of label can extract several portrait features through aggregation and comparison analysis, so as to form the final portrait feature set that characterizes the analysis object.

[0025] figure 1 It is a framework diagram of proxy user detection based on communication behavior portrait in the present invention. The framework can realize accurate detection and pos...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an agent user detection method based on a communication behavior portrait. The method comprises the following steps: constructing a portrait model based on the communication behavior; preprocessing the input real traffic data, and aggregating the network traffic according to organized user IP attributes and time attributes in a specified time window to obtain traffic data of each user; extracting communication object stability characteristics and communication object quantity characteristics of a user in a specified time window based on the flow data, and then filteringand screening the two characteristics based on a threshold value to obtain IP information of a suspected proxy user; performing machine learning detection classification on the network flow of each suspected proxy user; and marking the IP of which the flow judgment result satisfies the threshold setting as the IP of the proxy user. The detection method provided by the invention is high in universality, can meet the data volume in the current big data network environment, adopts the portrait model based on the communication behavior, and is low in detection false alarm rate.

Description

Technical field [0001] The present invention relates to the field of network security technology, and in particular to a proxy user detection method based on communication behavior portraits. Background technique [0002] Network proxy is a special network service that allows indirect connections between clients and servers. It is a service that proxy hosts in the local network to obtain web pages or obtain information from the Internet. It can not only help users break through the organization's IP access restrictions and content filtering mechanisms to access banned websites, but also hide the client IP and cover the client's network activities to ensure the privacy or security of network terminals. However, while proxy services bring convenience to users, they also come with hidden threats. On the one hand, the unknown identity of the proxy server brings potential network threats to internal asset protection. Some proxies will monitor the data flow between the end user'...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0281H04L63/1416H04L63/1425H04L63/1441
Inventor 陈兴蜀韩珍辉朱毅曾雪梅殷明勇
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products