
User behavior detection method and system based on remote desktop encryption network traffic mode difference

A network traffic and remote desktop technology, applied in the field of user behavior detection. It addresses the lack of universality, the coarse granularity and the missing experimental demonstration of behavior recognition performance in prior work, and achieves strong scalability and high accuracy.

Active Publication Date: 2020-01-17
INST OF INFORMATION ENG CAS

AI Technical Summary

Problems solved by technology

[0004] Although there are many studies on side-channel and encrypted traffic classification, these works pay little attention to the privacy leakage of user behavior in remote desktop encrypted traffic.
R. Altschaffel proposed a machine learning method based on statistical features to distinguish TeamViewer's file transfer, voice conference, video conference, text chat and regular conversational network traffic. The shortcoming of this work is that the five types of actions studied are too coarse, and four of them (file transfer, audio conference, video conference and text chat) have little to do with remote desktops, because they basically do not involve using the mouse and keyboard to manipulate a remote host. The method is also highly dependent on the selected remote desktop software (TeamViewer) and lacks experimental evidence for its behavior recognition effect on other remote desktop traffic, so it lacks universality.


Embodiment Construction

[0033] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further elaborated below through specific embodiments and accompanying drawings. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0034] The present invention discloses a user behavior detection method based on the differences in remote desktop encrypted network traffic patterns. The basic block diagram of the user behavior detection is shown in Figure 1.

[0035] To collect encrypted remote desktop video traffic of different users under different operating behaviors, we use several local computers with Windows 10 and Windows 7 installed, several cloud virtual private servers (VPS) with Windows Server 2012 and Windows Server 2016 installed, a router, and a variety of common remote desktop software to build an experi...


Abstract

The invention provides a user behavior detection method and system based on remote desktop encrypted network flow mode difference. The method comprises the following steps: obtaining the network flow from a remote desktop client to a remote desktop server, and dividing the network flow into independent network flows; dividing each network flow into a plurality of flow spikes, and obtaining a vectorized data set according to the packet length sequence and the packet arrival time sequence of each flow spike; and sending the data set to a user behavior detection model, and obtaining a coarse-grained behavior and a fine-grained action of the remote desktop client. According to the method, the encrypted traffic does not need to be decrypted, and the coarse-grained behavior and the fine-grained action of the user can be detected only by utilizing the packet length sequence and the arrival time sequence of the traffic to extract the statistical characteristics.
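The spike segmentation and per-spike feature extraction described in the abstract can be sketched as follows. This is an added example, not code from the patent; the idle-gap threshold, the chosen feature set and the sample packets are assumptions made for illustration.

```python
from statistics import mean, pstdev

# Constructed sample: (arrival_time_seconds, packet_length_bytes) for one
# client-to-server flow. Values are illustrative, not captured traffic.
SAMPLE_FLOW = [
    (0.000, 120), (0.004, 98), (0.009, 131),                   # spike 1
    (0.850, 1460), (0.852, 1460), (0.855, 720), (0.861, 64),   # spike 2
    (2.300, 77),                                               # spike 3
]

GAP_THRESHOLD = 0.5  # assumed idle gap (s) that ends a spike; not from the patent


def split_spikes(packets, gap=GAP_THRESHOLD):
    """Split a flow into spikes separated by idle gaps longer than `gap`."""
    spikes, current = [], []
    for ts, length in sorted(packets):
        if current and ts - current[-1][0] > gap:
            spikes.append(current)
            current = []
        current.append((ts, length))
    if current:
        spikes.append(current)
    return spikes


def spike_features(spike):
    """Statistics over the packet-length and arrival-time sequences of a spike."""
    lengths = [length for _, length in spike]
    times = [ts for ts, _ in spike]
    # Inter-arrival times; a single-packet spike has none, so use 0.0.
    iats = [b - a for a, b in zip(times, times[1:])] or [0.0]
    return {
        "pkt_count": len(lengths),
        "bytes": sum(lengths),
        "len_mean": mean(lengths),
        "len_std": pstdev(lengths),
        "len_max": max(lengths),
        "duration": times[-1] - times[0],
        "iat_mean": mean(iats),
        "iat_max": max(iats),
    }


def vectorize(packets, gap=GAP_THRESHOLD):
    """One fixed-order feature vector per spike, as input for a classifier."""
    return [list(spike_features(s).values()) for s in split_spikes(packets, gap)]
```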

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to a user behavior detection method and system based on differences in remote desktop encrypted network traffic patterns.

Background technique

[0002] Remote desktop is a technology for remotely controlling other computers through the Internet. This technology is widely used in remote office, remote assistance, remote management and other fields. Typical remote desktop software will capture the control commands issued by the user on the client, and then send the control commands to the controlled host; the controlled host will interactively feed back the graphical results to the client after executing the command. While this real-time interactive working mode brings convenience to users, it also leads to serious privacy leakage problems. In order to prevent the leakage of user behavior privacy, the remote desktop developer will encrypt the network communication flow bet...


Application Information

IPC(8): H04L29/06, H04L29/08, H04L12/24, H04L12/26
CPC: H04L63/1408, H04L63/1425, H04L63/1416, H04L67/08, H04L41/145, H04L43/10, H04L67/535
Inventor: 石俊峥, 刘梦严, 蒋明昊, 宋嘉莹, 李镇, 熊刚, 苟高鹏, 崔明鑫
Owner: INST OF INFORMATION ENG CAS