
Encrypted malicious traffic identification method, equipment and device

An encrypted malicious traffic identification method, with associated equipment and device, that can solve problems such as inaccurately selected features affecting the effect of machine learning, achieving the effect of improving accuracy.

Inactive Publication Date: 2020-07-24
北京观成科技有限公司 +1

AI Technical Summary

Problems solved by technology

In traditional machine learning, the quality of feature engineering often directly determines the effect of machine learning. Features usually have to be extracted and selected manually, based on expert experience. Because this selection is subjective, feature engineering inevitably leads to inaccurately selected features, which affects the subsequent machine learning effect.
How to design a malicious traffic identification method that can efficiently and accurately identify whether traffic behavior is abnormal, while avoiding the inaccurate features caused by subjective feature selection, has become an urgent problem to be solved.


Examples


Embodiment 1

[0040] Please refer to Figure 1, which is a schematic flowchart of a method for identifying encrypted malicious traffic provided in the embodiment of the present application. The method includes the following steps:

[0041] S100: Traffic preprocessing, and dividing the network traffic to be tested into multiple traffic packets according to time series;

[0042] S200: The traffic packets are learned and judged by the first neural network to obtain the timing features and / or spatial features of each traffic packet;

[0043] S300: Summarize the timing features and / or spatial features of all traffic packets into a summary feature in time series, and obtain the summary timing feature of the traffic to be measured by learning and judging from the summary feature through the second neural network;

[0044] S400: Comparing the summary time series feature of the traffic to be tested with the preset normal traffic summary time series feature to determine whethe...
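The S100 to S400 data flow as a runnable sketch, added here as an illustration and not taken from the patent. The two neural networks are replaced by fixed stand-in functions (per-window statistics and a decaying recurrent average); the 10-second window, Euclidean distance, threshold and sample records are constructed assumptions.

```python
import math

def split_windows(records, window=10.0):
    """S100: divide (timestamp, size) records into time-ordered traffic packets."""
    buckets = {}
    for ts, size in sorted(records):
        buckets.setdefault(int(ts // window), []).append((ts, size))
    return [buckets[k] for k in sorted(buckets)]

def window_features(win):
    """S200 stand-in for the first network: one timing and one spatial value."""
    gaps = [b[0] - a[0] for a, b in zip(win, win[1:])] or [0.0]
    sizes = [size for _, size in win]
    return [sum(gaps) / len(gaps), sum(sizes) / len(sizes) / 1500.0]

def summarize(records, decay=0.5):
    """S300 stand-in for the second network: fold window features in time order."""
    feats = [window_features(w) for w in split_windows(records)]
    if not feats:
        raise ValueError("no traffic records to summarize")
    state = feats[0]
    for f in feats[1:]:
        state = [decay * s + (1 - decay) * x for s, x in zip(state, f)]
    return state

def deviates(records, normal_summary, threshold=0.5):
    """S400: compare the summary feature with the preset normal summary."""
    return math.dist(summarize(records), normal_summary) > threshold

# Constructed samples: (seconds since flow start, encrypted payload bytes).
NORMAL_A = [(0.0, 1400), (0.5, 1500), (1.0, 600), (12.0, 1500),
            (12.2, 1400), (13.0, 1300), (21.0, 1500), (21.4, 900)]
NORMAL_B = [(0.0, 1500), (0.6, 1200), (1.0, 1400), (11.0, 1300),
            (11.5, 1500), (20.0, 1000), (20.5, 1500), (21.0, 1400)]
PERIODIC = [(0.0, 120), (5.0, 120), (10.0, 120),
            (15.0, 120), (20.0, 120), (25.0, 120)]

# Preset normal summary feature, here derived from one constructed benign flow.
PRESET_NORMAL = summarize(NORMAL_A)

if __name__ == "__main__":
    for name, sample in (("normal_b", NORMAL_B), ("periodic", PERIODIC)):
        print(name, summarize(sample), deviates(sample, PRESET_NORMAL))
```

In the method described on this page both stand-ins would be trained networks, so the features are learned rather than hand-picked as they are in this sketch.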

Embodiment 2

[0079] This embodiment discloses a device for identifying encrypted malicious traffic. It includes a memory and a processor, the memory is used to store a computer program, and the processor is used to implement the method for identifying malicious traffic disclosed in Embodiment 1 when executing the computer program.

Embodiment 3

[0081] This embodiment discloses a device for identifying encrypted malicious traffic. As shown in Figure 7, the device, corresponding to the method for identifying encrypted malicious traffic disclosed in Embodiment 1, includes:

[0082] A preprocessing module 100, configured to separate encrypted network traffic to be tested from network traffic, and divide the network traffic to be tested into multiple traffic packets in time series;

[0083] The first learning module 200 includes a first neural network for learning and judging the traffic packets through the first neural network to obtain the timing characteristics and / or spatial characteristics of each traffic packet;

[0084] The second learning module 300 includes a second neural network, and the second judging module summarizes the timing features and / or spatial features of all traffic packets of the first judging module into summary features in time series, and through the second neural network obtains the summary timing characteristic...


Abstract

The invention discloses an encrypted malicious traffic identification method, equipment and device. The method comprises the following steps: separating the encrypted to-be-detected network traffic from network traffic, and dividing the to-be-detected network traffic into a plurality of traffic packets according to a time sequence; learning and judging the traffic packets through a first neural network to obtain time sequence features and / or space features of each traffic packet; summarizing the time sequence features and / or the space features of all the traffic packets into summarized features according to a time sequence, and obtaining the summarized time sequence feature of the traffic to be detected from the summarized features through learning and judgment by a second neural network; and comparing the summarized time sequence feature of the to-be-detected traffic with a preset summarized time sequence feature of normal traffic to judge whether the to-be-detected network traffic is malicious or not. According to the method, the space and time characteristics of the traffic are learned by neural networks, a multi-flow network traffic processing mode is introduced, and behavior characteristics between flows are fully considered, so that the accuracy of malicious traffic identification can be improved.

Description

Technical field

[0001] The present application relates to the technical field of malicious traffic analysis, and more specifically, relates to a method, equipment and device for identifying encrypted malicious traffic.

Background technique

[0002] With the rapid development of the Internet and the wide application of encryption technology, the proportion of encrypted traffic continues to increase. Relevant agencies predict that more than 80% of enterprise network traffic will be encrypted, of which more than 70% of malicious network traffic will be hidden, and network security will be severely tested. How to identify encrypted malicious traffic is a difficult problem faced by regulators and legitimate users.

[0003] Encrypted malicious traffic usually uses the same security protocol as normal traffic, which allows it to evade traditional traffic detection technologies during transmission, bringing new challenges to encrypted traffic detection. Most of the existing tra...


Application Information

IPC(8): H04L29/06, G06N3/08, G06N3/04, G06K9/62
CPC: H04L63/1425, H04L63/1416, G06N3/084, G06N3/048, G06N3/045, G06F18/241
Inventor 邢明王苏南
Owner 北京观成科技有限公司