Method for extracting TLS data block in encrypted network traffic
A technology for network traffic and encrypted data, which is applied in the field of network security and can solve the problems of limited applicability of models.
Active Publication Date: 2019-12-27
SOUTHEAST UNIV
View PDF6 Cites 1 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
The same application has different message characteristics in different transmission environments, so the existing model is not widely applicable
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0058] The technical solutions of the present invention will be further described below in conjunction with the accompanying drawings and embodiments.
[0059] The present invention proposes a method for extracting TLS data blocks in encrypted network traffic. The method specifically includes the following steps:
[0060] (1) Obtain the encrypted data of the target application;
[0061] (2) Filter out the TCP stream data that contains the target TLS data block from the encrypted data obtained;
[0062] (3) traverse each recorded TCP flow in turn, generate a corresponding TCP flow record file, then read the TLS message load of each flow, and write the TCP flow record file;
[0063] (4) Reassemble and record TLS data blocks from each TCP flow record file.
[0064] In one embodiment of the method of the present invention, in step (1), the method for obtaining the encrypted data of the target application is as follows:
[0065] (1.1) Select the corresponding network access meth...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a method for extracting a TLS data block in encrypted network flow. In the prior art, network transmission data needs to be added with information of a network transmission protocol, when the data is encrypted and transmitted by using a TLS protocol, the encrypted network message load is mixed with the information of the transmission protocol, the encryption protocol and the data, the added transmission protocol information is related to various factors, and great interference is brought to the analysis of the encrypted data. The method comprises the following steps: firstly, acquiring encrypted data on a target application; filtering TCP (Transmission Control Protocol) streams accommodating the target TLS data blocks from the encrypted data; and then establishing astream record file for each filtered TCP stream, recording the load of the TLS message belonging to each TCP stream, and finally extracting a TLS data block according to the load of the TLS message stored in the stream record file. The method has universality, and the TLS encrypted data block generated by the terminal can be extracted from the traffic encrypted and transmitted by the network application.
Description
technical field [0001] The invention belongs to the technical field of network security, in particular to a method for extracting TLS data blocks in encrypted network traffic. Background technique [0002] In order to protect user data privacy and data transmission security, data encryption before transmission has been widely adopted. According to a Cisco survey, the proportion of encrypted traffic in Internet traffic increased from 38% to 50% from 2016 to 2017, and the proportion of encrypted Internet traffic will exceed 80% in 2019. However, while data encryption technology brings security to data, it is also easy to be used maliciously. A large number of malicious attacks also use encryption technology to disguise the attack traffic in order to increase the probability of success, so data encryption also brings great challenges to identifying malicious attacks. [0003] At present, Transport Layer Security (TLS) is the most important protocol for providing encryption fo...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & AuthorityApplications(China)
IPC IPC(8): H04L29/06
CPCH04L63/166H04L63/1408
Inventor吴桦于振华程光
OwnerSOUTHEAST UNIV