Multistage classification detection method for remote desktop protocol traffic behaviors

A multi-level classification technique for remote desktop protocol (RDP) traffic behavior. It addresses problems such as unsuitable identification and classification schemes, and achieves accurate classification results and high portability.

Active Publication Date: 2020-05-12
NANJING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

As a result, the traditional "flat" identification and classification scheme becomes inappropriate when the traffic category is divided into finer-grained categories. The identification of RDP proto


Embodiment

[0036] As shown in Figure 1, the multi-level detection and classification method for RDP protocol traffic behavior can be divided into an offline module and an online module according to the network environment in which the data is processed. The offline module is used for model training on the data set, and the online module is used for classification and detection of real-time data. The method processes the data in three steps: it first detects TLS protocol, SSH protocol and HTTP tunnel traffic in the encrypted data, then filters out the RDP protocol carried over these three encryption methods, and finally identifies the behavior carried by the traffic. The method integrates multiple modules, including a real-time data acquisition module, a data flow grouping module, a training module, and a multi-level data classification and recognition module, establishes encrypted traffic feature screening in the offline module, obtains th...

Abstract

The invention discloses a multistage classification detection method for remote desktop protocol (RDP) traffic behaviors. The method comprises the following steps: first, screening out encrypted RDP protocol traffic, which includes recognizing TLS protocol, SSH protocol and HTTP tunnel traffic; then, identifying the encrypted RDP traffic according to the message length sequence characteristics of the RDP protocol in the connection establishment stage; and finally, for the behaviors contained in the encrypted RDP protocol traffic, extracting features at three levels (traffic length, payload randomness and interactivity) and classifying them with a machine learning method to achieve fine-grained identification within RDP protocol traffic, i.e., identification of RDP protocol traffic behaviors. While preserving privacy, the multi-stage classification of traffic effectively identifies RDP protocol traffic and classifies the specific operation behaviors generated when a user remotely controls a server.
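The following Python example is added here and is not code from the patent: it tags a flow's carrier from its first client payload (stage one) and computes one feature set per flow at the three levels the abstract names (length, payload randomness, interactivity). The first-bytes heuristics, the concrete feature definitions, the function names and the sample flow are assumptions; stage two is left out because the page does not give the RDP length sequence.

```python
import math
from collections import Counter

def carrier(first_payload: bytes) -> str:
    """Stage 1 (assumed heuristic): classify the carrier from the first client payload."""
    if first_payload[:2] == b"\x16\x03":        # TLS handshake record, major version 3
        return "tls"
    if first_payload.startswith(b"SSH-"):       # SSH identification string
        return "ssh"
    if first_payload.startswith(b"CONNECT "):   # HTTP CONNECT tunnel request
        return "http-tunnel"
    return "other"

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8 for encrypted or compressed payload."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flow_features(packets):
    """Stage 3 (assumed features). packets: list of (direction, payload),
    direction +1 = client to server, -1 = server to client."""
    if not packets:
        raise ValueError("empty flow")
    lengths = [len(p) for _, p in packets]
    mean_len = sum(lengths) / len(lengths)
    down = sum(len(p) for d, p in packets if d < 0)
    # Interactivity: how often the sending side changes between consecutive packets.
    switches = sum(1 for a, b in zip(packets, packets[1:]) if a[0] != b[0])
    return {
        "mean_len": mean_len,
        "std_len": math.sqrt(sum((x - mean_len) ** 2 for x in lengths) / len(lengths)),
        "down_ratio": down / max(sum(lengths), 1),
        "mean_entropy": sum(entropy(p) for _, p in packets) / len(packets),
        "switch_rate": switches / max(len(packets) - 1, 1),
    }

# Constructed sample flow: short low-entropy client packets, large high-entropy replies.
SAMPLE = [(+1, b"\x00" * 10), (-1, bytes(range(256))),
          (+1, b"\x00" * 10), (-1, bytes(range(256)))]

if __name__ == "__main__":
    print(carrier(b"\x16\x03\x01\x00\xc8"), flow_features(SAMPLE))
```

Each feature dictionary is one row for whatever machine learning classifier is trained in the offline module; no payload is decrypted to compute it.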

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a multi-level classification detection method for remote desktop protocol traffic behavior.

Background

[0002] Remote Desktop Protocol (RDP) is currently the most widely used secure remote desktop protocol. This protocol service provides convenience for remote office, remote maintenance, and remote call system sharing resources, which greatly improves the management efficiency of enterprises and individuals. Therefore, it has been used more and more widely in today's highly informationized world. At the same time, for enterprise security or statistical needs, the audit work of the RDP protocol becomes particularly important.

[0003] While the RDP protocol is becoming more and more popular, network privacy issues and network security issues involving enterprises and individuals also follow. For example, there may be users who remotely control the ...

Application Information

IPC(8): H04L12/851, H04L12/26, H04L29/06
CPC: H04L47/2441, H04L47/2483, H04L43/18, H04L69/22
Inventor 陈涛刘光杰刘伟伟白惠文高博
Owner NANJING UNIV OF SCI & TECH