Multi-feature DNS (Domain Name System) and HTTPS (Hyper Text Transfer Protocol Security) combined malicious encrypted traffic identification method

A traffic identification and multi-feature technology, applied to electrical components, transmission systems, etc., can solve problems such as missing important information, high proportion, undetectable traffic, etc.
CN110493208A · Active · Publication Date: 2019-11-22 · 南京聚铭网络科技有限公司

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
南京聚铭网络科技有限公司
Publication Date
2019-11-22


Abstract

The invention relates to a multi-feature DNS (Domain Name System) and HTTPS (Hyper Text Transfer Protocol Security) combined malicious encrypted traffic identification method. The method comprises the following steps: 1, extracting all sample DNS communication protocols in a learning network and analyzing the DNS communication protocol; 2, extracting the handshake parts (non-encrypted contents) of all malicious / non-malicious HTTPS communication protocols in the learning network and analyzing the handshake part of the HTTPS communication protocol; 3, extracting session-related feature information of malicious / non-malicious HTTPS protocol sessions; 4, correlating the DNS protocol with the HTTPS protocol related content; 5, extracting normal encrypted communication data features through data learning of normal encrypted traffic; 6, carrying out classification processing on the data by using a regression method; 7, storing weight data to a persistent medium through a training result for subsequent use; 8, performing feature extraction and substitution solution on the related encrypted traffic data in the current network by using the solution result.
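The steps in the abstract (correlate DNS with the HTTPS handshake, classify by regression, persist the weights, reuse them on live traffic) can be sketched as follows. This is an added example, not code from the patent: the feature set, the use of logistic regression as the regression method, and all sample records are assumptions constructed for illustration.

```python
import json, math

# Constructed samples (not from the patent): DNS answers and TLS handshake metadata.
DNS = [  # (queried name, resolved IP, TTL seconds)
    ("www.example.com", "192.0.2.10", 3600),
    ("mail.example.org", "192.0.2.11", 1800),
    ("x7f3kq9zt2hd8vb1.example.net", "198.51.100.5", 60),
    ("q9w8e7r6t5y4u3i2.example.net", "198.51.100.6", 30),
]
TLS = [  # (server IP, SNI, offered cipher suites, extensions, self-signed cert, label)
    ("192.0.2.10", "www.example.com", 17, 12, 0, 0),
    ("192.0.2.11", "mail.example.org", 15, 11, 0, 0),
    ("198.51.100.5", "", 4, 3, 1, 1),
    ("198.51.100.6", "", 5, 2, 1, 1),
]

def features(dns, tls):
    """Steps 1-3: assumed DNS and plaintext-handshake features for one session."""
    name, _, ttl = dns
    _, sni, suites, exts, self_signed = tls[:5]
    digits = sum(c.isdigit() for c in name) / len(name)
    return [1.0, len(name) / 32, digits, math.log10(ttl) / 4,
            suites / 20, exts / 15, float(self_signed), float(sni == name)]

def correlate(dns_log, tls_log):
    """Step 4: join each TLS session to the DNS answer that returned its server IP."""
    by_ip = {d[1]: d for d in dns_log}
    return [(features(by_ip[t[0]], t), t[5]) for t in tls_log if t[0] in by_ip]

def predict(w, x):
    return 1 / (1 + math.exp(-sum(wi * xi for wi, xi in zip(w, x))))

def train(rows, epochs=2000, lr=0.5):
    """Step 6: logistic regression fitted by plain gradient descent."""
    w = [0.0] * len(rows[0][0])
    for _ in range(epochs):
        for x, y in rows:
            err = predict(w, x) - y
            w = [wi - lr * err * xi for wi, xi in zip(w, x)]
    return w

def save_weights(w, path):  # step 7: persist the trained weights
    with open(path, "w") as f:
        json.dump(w, f)

def load_weights(path):  # step 8: reload the weights to score current traffic
    with open(path) as f:
        return json.load(f)
```

A score above 0.5 from `predict(load_weights(path), features(dns, tls))` flags the session as malicious under this toy model.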

Description

technical field

[0001] The invention relates to an identification method, in particular to a multi-feature DNS combined with HTTPS malicious encrypted traffic identification method, which belongs to the technical field of software encryption identification.

Background technique

[0002] With the continuous development of encryption technology and the upgrading of computer security attack and defense technology, the content transmitted in plain text in the network is getting less and less, while the proportion of encrypted traffic is getting higher and higher. According to statistics, more than 60% of Internet transmission content currently uses encryption methods, among which HTTPS encrypted transmission accounts for the highest proportion; what follows is that unlike before, hackers often use encryption algorithms to encrypt the control commands and data they transmit, so as to evade the inspection of various anti-virus tools. This makes detection of such malicious network ...
