Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Multi-feature DNS (Domain Name System) and HTTPS (Hyper Text Transfer Protocol Security) combined malicious encrypted traffic identification method

A traffic identification and multi-feature technology, applied to electrical components, transmission systems, etc., can solve problems such as missing important information, high proportion, undetectable traffic, etc.

Active Publication Date: 2019-11-22
南京聚铭网络科技有限公司
View PDF4 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] With the continuous development of encryption technology and the upgrading of computer security attack and defense technology, the content transmitted in plain text in the network is getting less and less, while the proportion of encrypted traffic is getting higher and higher. According to statistics, more than 60% of Internet transmission content currently uses encryption methods, among which HTTPS encrypted transmission accounts for the highest proportion; what follows is that unlike before, hackers often use encryption algorithms to encrypt the control commands and data they transmit, so as to evade the inspection of various anti-virus tools. This makes detection of such malicious network traffic impossible, leading to missing important information

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multi-feature DNS (Domain Name System) and HTTPS (Hyper Text Transfer Protocol Security) combined malicious encrypted traffic identification method
  • Multi-feature DNS (Domain Name System) and HTTPS (Hyper Text Transfer Protocol Security) combined malicious encrypted traffic identification method
  • Multi-feature DNS (Domain Name System) and HTTPS (Hyper Text Transfer Protocol Security) combined malicious encrypted traffic identification method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0074] Embodiment 1: see figure 1 , a multi-featured DNS combined with HTTPS malicious encryption traffic identification method, the method may further comprise the steps:

[0075] Step 1: Extract all sample DNS communication protocols in the learning network, and analyze the DNS communication protocols:

[0076] Step 2: Extract all malicious / non-malicious HTTPS communication protocol handshake parts (non-encrypted content) in the learning network, and analyze the HTTPS communication protocol handshake part:

[0077] Step 3: Extract session-related characteristic information of malicious / non-malicious HTTPS protocol sessions, which include the following main aspects:

[0078] Step 4: Associate the DNS protocol with the relevant content of the HTTPS protocol. The basis for the association is the query IP address returned by the DNS and the destination address connected in the HTTPS protocol;

[0079] Step 5: Through the data learning of normal encrypted traffic, extract the c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a multi-feature DNS (Domain Name System) and HTTPS (Hyper Text Transfer Protocol Security) combined malicious encrypted traffic identification method. The method comprises thefollowing steps: 1, extracting all sample DNS communication protocols in a learning network, analyzing a DNS communication protocol; 2, extracting all malicious / non-malicious HTTPS communication protocol handshake parts (non-encrypted contents) in the learning network, analyzing a handshake part of the HTTPS communication protocol; 3, extracting session related feature information of a malicious / non-malicious HTTPS protocol session, 4, correlating the DNS protocol with the HTTPS protocol related content; 5, extracting normal encrypted communication data features through data learning of normal encrypted traffic, 6, carrying out classification processing on the data by using a regression method, and 7, storing weight data to a persistent medium through a training result for subsequent use;8, performing feature extraction and substitution solution on the related encrypted traffic data in the current network by using the solution result.

Description

technical field [0001] The invention relates to an identification method, in particular to a multi-feature DNS combined with HTTPS malicious encrypted traffic identification method, which belongs to the technical field of software encryption identification. Background technique [0002] With the continuous development of encryption technology and the upgrading of computer security attack and defense technology, the content transmitted in plain text in the network is getting less and less, while the proportion of encrypted traffic is getting higher and higher. According to statistics, more than 60% of Internet transmission content currently uses encryption methods, among which HTTPS encrypted transmission accounts for the highest proportion; what follows is that unlike before, hackers often use encryption algorithms to encrypt the control commands and data they transmit, so as to evade the inspection of various anti-virus tools. This makes detection of such malicious network ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08H04L29/12
CPCH04L63/1441H04L63/1466H04L63/1425H04L67/02H04L61/4511
Inventor 陈虎唐开达
Owner 南京聚铭网络科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com