A method and system for abnormal UA detection and analysis based on rules

A rule-based abnormal UA detection technology, applied in the field of network information, which addresses abnormal characters in key fields and the pollution they cause to effective mapping and labeling of network traffic.

Active Publication Date: 2020-12-04
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0004] In a high-speed network environment, in-depth analysis of network protocols and extraction of key field content are the primary prerequisites for network mapping and traffic attribute labeling. However, due to the complexity of network protocols, existing analysis tools are not suitable for high-speed network environments. Protocol analysis often yields abnormal characters in key fields. These abnormal characters introduce polluted, erroneous information into the effective mapping and labeling of network traffic.
[0005] Previous research on UA has usually ignored the case of abnormal characters in key fields, and these key fields are not directly processed.

Examples

Embodiment Construction

[0033] To make the above features and advantages of the present invention clearer and easier to understand, the rule-based abnormal UA detection and analysis method disclosed in the present invention is described in detail below with reference to the accompanying drawings. As shown in the flow chart of Figure 1, the method includes the following steps:

[0034] 1. Detection stage:

[0035] (1) Network traffic capture: use a Spark-based high-speed network traffic capture platform to capture high-speed traffic and queue it for processing.

[0036] (2) Network traffic filtering and key field extraction: analyze the captured traffic, filter HTTP traffic from all network traffic according to the HTTP format, and extract the UA field and client IP information according to the HTTP format, form a log in the format of and store it.

[0037] (3) Abnormal UA detection: Detect the extracted UA through regular expressions to determine whether there are abnormal chara...
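The detection-stage steps above (filter HTTP, extract the UA and client IP, check the UA with regular expressions), as an added example that is not code from the patent. The Spark capture stage is replaced by an in-memory list, and the `(ip, ua)` record layout, the two character rules and the sample requests are assumptions constructed here, since the page does not list its patterns.

```python
import re

# Constructed sample (not from the patent): (client IP, raw request bytes) pairs.
SAMPLE = [
    ("192.0.2.10", b"GET / HTTP/1.1\r\nHost: a.example\r\n"
                   b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n"),
    ("192.0.2.11", b"GET /x HTTP/1.1\r\nHost: a.example\r\n"
                   b"user-agent: Moz\x00illa/5.0\x1b[0m\r\n\r\n"),
    ("192.0.2.12", b"POST /u HTTP/1.1\r\nHost: a.example\r\n"
                   b"User-Agent: \xe5\xae\xa2\xe6\x88\xb7/1.0\r\n\r\nUser-Agent: body"),
    ("192.0.2.13", b"GET / HTTP/1.1\r\nHost: a.example\r\n\r\n"),  # no UA header
    ("192.0.2.14", b"\x16\x03\x01\x02\x00\x01\x00"),               # TLS, not HTTP
]

REQUEST_LINE = re.compile(rb"\A[A-Z]+ \S+ HTTP/\d\.\d\r?$", re.M)
UA_HEADER = re.compile(rb"^User-Agent:[ \t]*(.*?)[ \t]*\r?$", re.I | re.M)
# Assumed rules (the page does not list its patterns): control bytes, non-ASCII bytes.
RULES = {
    "control_char": re.compile(rb"[\x00-\x08\x0a-\x1f\x7f]"),  # HTAB is allowed
    "non_ascii": re.compile(rb"[\x80-\xff]"),
}

def extract(ip, raw):
    """Filter + extract: (ip, ua_bytes_or_None) for HTTP requests, else None."""
    head = raw.split(b"\r\n\r\n", 1)[0]          # headers only, never the body
    if not REQUEST_LINE.match(head):
        return None
    m = UA_HEADER.search(head)
    return (ip, m.group(1) if m else None)

def classify(ua):
    """Names of the rules whose pattern occurs in the raw UA bytes."""
    return sorted(name for name, rx in RULES.items() if rx.search(ua))

def detect(requests):
    """Run the three steps and return one finding per abnormal UA."""
    findings = []
    for ip, raw in requests:
        rec = extract(ip, raw)
        if rec is None or rec[1] is None:
            continue
        hits = classify(rec[1])
        if hits:
            findings.append({"ip": ip, "ua": rec[1], "rules": hits})
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE):
        print(finding)
```

Matching on raw bytes rather than decoded text keeps NUL, escape and invalid UTF-8 sequences visible to the rules instead of losing them to a lossy decode.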


Abstract

The invention provides a rule-based abnormal UA detection and analysis method and system. The method comprises the steps of capturing network traffic with a Spark-based network traffic capture platform and filtering the HTTP traffic from all network traffic according to the HTTP format. By extracting the UA field of the HTTP traffic, abnormal UAs in the network traffic can be effectively detected and analyzed, which facilitates network management and malicious software detection.

Description

Technical field

[0001] The invention belongs to the technical field of network information, and in particular relates to a rule-based method and system for detecting and analyzing abnormal UAs (User Agents).

Background technique

[0002] Key fields play a vital role in network traffic. Key fields in the Domain Name System (DNS) can be used to resolve remaining trust in the domain to see the evolution of DNS resolution, and to detect malware behavior in the network. Similarly, key fields in the HyperText Transfer Protocol (HTTP) and Transport Layer Security / Secure Socket Layer (TLS / SSL) protocols, such as UA, cookie and server name indication (SNI), play an important role in network behavior analysis and malicious behavior detection.

[0003] Since all traffic generated by HTTP accounts for nearly half of all protocol traffic every day, the frequency of users using HTTP is very high and the number of users involved in using HTTP is large, and...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06F16/903, G06F16/906
CPC: G06F16/90344, G06F16/906, H04L63/0236, H04L63/0263, H04L63/1425
Inventor: 苟高鹏, 熊刚, 陈洁, 李镇, 徐安林
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI