
Purpose-based malicious encrypted traffic identification method and device

A malicious encrypted traffic identification technology, applied in the field of information security, that addresses the problems of difficult identification of malicious traffic, low efficiency and low accuracy.

Active Publication Date: 2021-01-12
北京观成科技有限公司

AI Technical Summary

Problems solved by technology

Since malicious behavior is hidden in encrypted data, it is difficult to identify malicious traffic, and malicious encrypted traffic has become a difficult problem and bottleneck for security monitoring.
[0003] To study the detection of malicious encrypted traffic, one must first determine the attack purpose of the samples using encrypted communication. At present, it is generally necessary to manually classify the attack purpose of encrypted traffic, and identify malicious encrypted traffic according to the attack purpose, which is inefficient and has low accuracy.


Examples


Embodiment Construction

[0105] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0106] This embodiment discloses a purpose-based method for identifying malicious encrypted traffic. Referring to Figure 1, the identification method specifically includes the following steps:

[0107] S101: Acquire target encrypted traffic and traffic characteristics of the target encrypted traffic, where the target encrypted traffic is encrypted traffic based on the SSL/TLS protocol generated by a malicious program identified through a dynamic sandbox...


Abstract

The invention provides a purpose-based malicious encrypted traffic identification method and device. The method comprises: obtaining target encrypted traffic and the traffic characteristics of the target encrypted traffic, where the target encrypted traffic is SSL/TLS-based encrypted traffic generated by a malicious program identified by a dynamic sandbox; sequentially performing parent program detection, malicious program detection, white site detection and black control end detection on the target encrypted traffic according to the traffic characteristics, thereby identifying the purpose of the target encrypted traffic; and determining whether the target encrypted traffic is malicious encrypted traffic according to its purpose. The invention automatically identifies the purpose of encrypted traffic and then identifies malicious encrypted traffic according to that purpose, improving the efficiency and accuracy of malicious encrypted traffic identification.

Description

Technical field

[0001] The present invention relates to the technical field of information security, and more specifically, to a purpose-based method and device for identifying malicious encrypted traffic.

Background

[0002] Malicious traffic identification is an important task in the field of computer network security. Its purpose is to judge, from network traffic data at the network boundary, whether malicious behavior is present. If malicious behavior is found, security measures such as blocking are taken in time to ensure end users' network security. In recent years, with the widespread application of encrypted communication protocols, much malicious traffic has also begun to use encrypted communication. Since malicious behavior is hidden in encrypted data, it is difficult to identify malicious traffic, and malicious encrypted traffic has become a difficult problem and bottleneck in security monitoring.

[0003] To study the detection of malicious encry...


Application Information

IPC(8): H04L29/06, H04L9/32
CPC: H04L63/1441, H04L63/145, H04L9/3263
Inventor: 刘燚, 赖文杰
Owner: 北京观成科技有限公司