Unlock instant, AI-driven research and patent intelligence for your innovation.

Network traffic analysis method, apparatus, and computer-readable medium

A technology of network traffic and analysis methods, applied in the field of network traffic analysis and computer-readable media, can solve the problems of inability to respond dynamically, large changes, and high costs

Active Publication Date: 2022-07-05
SIEMENS CHINA
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Among them, the physical honeypot is highly interactive, but the cost is high; the virtual honeypot simulates the real physical honeypot through software, and the cost is low, but because it is created manually, the response mode is relatively fixed, so it is easy to be identified by the attacker , less interactive
Whether it is a physical honeypot or a virtual honeypot, most of them are static, and usually cannot respond dynamically according to changes in request messages, and when new functions need to be added, the honeypot system needs to be redesigned, and the changes are large

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network traffic analysis method, apparatus, and computer-readable medium
  • Network traffic analysis method, apparatus, and computer-readable medium
  • Network traffic analysis method, apparatus, and computer-readable medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] As mentioned above, existing honeypot systems cannot achieve dynamic responses to request messages. In the embodiment of the present invention, the characteristics of the protocol structure of the request message and the response message in the real network traffic are obtained by analyzing, so as to find the corresponding relationship between the response message and the request message, and then after receiving a request message, according to the The correspondence relationship dynamically generates a response message.

[0045] In addition to the honeypot system, the solutions provided by the embodiments of the present invention can also be applied to other scenarios, such as a network protocol testing system, which can generate various dynamic response messages; another example is a response message used to determine anomalies, so as to find the network security breaches, etc.

[0046] Further, when determining the correspondence between the response message and the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

It relates to the field of network technologies, and in particular, to a network traffic analysis method, device and computer-readable medium, which are used to effectively determine the correspondence between request messages and response messages in network traffic. In a network traffic analysis method provided by an embodiment of the present invention, at least one first request message and respective first response messages are received; feature information of the protocol structure of each first request message is extracted, and at least one of the response messages is determined. a possible protocol structure and extract feature information; corresponding to the first request message, record the feature information of the protocol structure of the first request message, and each possible protocol structure of the first response message of the first request message characteristic information.

Description

technical field [0001] The present invention relates to the field of network technologies, and in particular, to a method, device and computer-readable medium for analyzing network traffic. Background technique [0002] Today, the problem of network security is becoming more and more prominent. Security solutions such as firewalls, antivirus software, and intrusion detection systems can be used to stop cyberattacks. However, these security solutions can only detect or block some of the known cyber attacks. [0003] Honeypot systems collect information from attackers by imitating vulnerable systems, and record and analyze attackers' attack behaviors. It is helpful to understand the attacker's attack behavior and methods, and then discover the security holes in the unknown network. [0004] In the existing honeypot system, there are physical honeypots and virtual honeypots. Among them, the physical honeypot has high interactivity, but the cost is high; the virtual honeypot...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/40
CPCH04L63/1408
Inventor 李锐
Owner SIEMENS CHINA