Malicious encrypted traffic detection method based on logistic regression enhancement model

A logistic regression and traffic detection technology, applied in digital transmission systems, electrical components, transmission systems, etc., that addresses problems such as the difficulty of improving the recall rate.

Active Publication Date: 2019-11-05
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0009] The purpose of the present invention is to overcome the deficiencies of the prior art described above by proposing a method for detecting malicious encrypted traffic based on a logistic regression enhancement model. It addresses the technical problem in the prior art that, because abnormal encrypted traffic data is far scarcer than benign encrypted traffic, it is difficult to improve the recall rate while maintaining the precision rate.



Examples


Embodiment Construction

[0046] Referring to Figure 1, the present invention comprises the following steps:

[0047] Step 1) Obtain training sample set S' and test sample set X':

[0048] Step 1a) Obtain training sample set S':

[0049] Step 1a1) Build a Windows 7 sandbox environment on the host and disable its system security settings. Using the threading and os libraries in Python, write a program that automatically runs a virus program for 5 minutes, then updates the sandbox environment and automatically runs the next virus program, repeating this process until all virus programs have been run. The virus programs are provided by an authoritative virus detection agency. At the network traffic exit of the sandbox environment, use the monitoring method sniff() in the scapy library to monitor the exit network card and collect the traffic generated by malicious code activity as malicious traffic. Build a local area network and use the monitoring method sniff() to capture the normal Internet traffic of us...


Abstract

The invention provides a malicious encrypted traffic detection method based on a logistic regression enhancement model, which improves recall while maintaining the precision of malicious encrypted traffic detection. The method comprises the following steps: acquiring a training sample set S' and a test sample set X'; constructing a classifier set H(x) based on logistic regression; training the classifier set H(x) based on logistic regression; and obtaining a detection result for the malicious encrypted traffic. The method distinguishes the malicious encrypted traffic present in encrypted network traffic by optimizing a cost function and adopting an iterative enhancement model of a plurality of cost-sensitive classifiers. It addresses the technical problem in the prior art that, because abnormal encrypted traffic data is far scarcer than benign encrypted traffic, recall is difficult to improve while precision is maintained.
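The two ingredients named in the abstract, a cost-weighted loss and an iteratively built set H(x) of cost-sensitive classifiers, can be sketched as follows. This is an added example, not the patent's algorithm: the page does not show the patented cost function or update rule, so the class-weighted log loss, the AdaBoost-style reweighting, the `fn_cost` value and the synthetic two-feature flows are all assumptions.

```python
import math
import random

def make_flows(n_benign, n_mal, seed):
    """Constructed data: [feature_a, feature_b, 1.0 bias] per flow; label 1 = malicious."""
    rng = random.Random(seed)
    X = [[rng.gauss(0, 1), rng.gauss(0, 1), 1.0] for _ in range(n_benign)]
    X += [[rng.gauss(2, 1), rng.gauss(2, 1), 1.0] for _ in range(n_mal)]
    return X, [0] * n_benign + [1] * n_mal

def score(theta, x):
    return sum(t * v for t, v in zip(theta, x))

def fit_logreg(X, y, cost, epochs=200, lr=0.5):  # batch gradient descent
    theta, total = [0.0] * len(X[0]), sum(cost)
    for _ in range(epochs):
        grad = [0.0] * len(theta)
        for x, yi, c in zip(X, y, cost):
            # gradient of the cost-weighted log loss for one flow
            err = c * (1.0 / (1.0 + math.exp(-score(theta, x))) - yi)
            grad = [g + err * v for g, v in zip(grad, x)]
        theta = [t - lr * g / total for t, g in zip(theta, grad)]
    return theta

def fit_ensemble(X, y, fn_cost, rounds=3):
    """Build the classifier set H(x) by reweighting after each cost-sensitive fit."""
    d, H = [fn_cost if yi else 1.0 for yi in y], []  # a missed malicious flow costs fn_cost
    for _ in range(rounds):
        theta = fit_logreg(X, y, d)
        miss = [(score(theta, x) > 0) != bool(yi) for x, yi in zip(X, y)]
        eps = sum(w for w, m in zip(d, miss) if m) / sum(d)
        if eps >= 0.5:                               # no better than chance on these weights
            break
        alpha = 0.5 * math.log((1 - eps) / max(eps, 1e-9))
        H.append((alpha, theta))
        d = [w * math.exp(alpha if m else -alpha) for w, m in zip(d, miss)]
    return H

def predict(H, x):  # weighted vote over H; 1 = flag the flow as malicious
    return int(sum(a * (1 if score(t, x) > 0 else -1) for a, t in H) > 0)

def precision_recall(H, X, y):
    pred = [predict(H, x) for x in X]
    tp = sum(p and t for p, t in zip(pred, y))
    return tp / max(sum(pred), 1), tp / sum(y)

def run():
    (X, y), (Xt, yt) = make_flows(600, 30, 1), make_flows(1200, 60, 2)  # train, held-out test
    plain = [(1.0, fit_logreg(X, y, [1.0] * len(y)))]   # one unweighted classifier
    boosted = fit_ensemble(X, y, fn_cost=20.0)          # 600/30 = 20 balances class cost
    return precision_recall(plain, Xt, yt), precision_recall(boosted, Xt, yt)
```

`run()` returns the (precision, recall) pair for the single unweighted classifier and for the cost-sensitive set, both measured on the held-out flows, so the recall gained and the precision given up at a chosen `fn_cost` can be read side by side.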

Description

Technical field

[0001] The invention belongs to the technical field of cyberspace security, and relates to a method for detecting malicious encrypted traffic, in particular to a method for detecting malicious encrypted traffic based on an enhanced model of logistic regression, which can be used to detect malicious encrypted traffic under the condition of unbalanced traffic in a real environment.

Background technique

[0002] Malicious attacks occur frequently in the network environment, resulting in infringement of user privacy and a large amount of property loss. Malicious attacks are often accompanied by the generation of malicious traffic. By detecting malicious traffic in the network, malicious attacks in the network can be discovered in time, and corresponding defense measures can be taken. The existing main detection technologies are: 1) rule-based deep packet detection technology and content recognition technology; 2) using machine learning methods to build detection ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/145, H04L63/1416, H04L63/1425, H04L63/1441
Inventor 杨超强薇苏锐丹郑昱张晓雨
Owner XIDIAN UNIV