Encrypted malicious traffic detection device and method supporting variable-length input

A malicious traffic detection device technology, applied in the field of network security, that addresses problems such as the loss of traffic characteristics, which affects the detection accuracy of encrypted malicious traffic, and achieves the effect of improving detection accuracy and reflecting the traffic data completely.

Inactive Publication Date: 2021-01-12
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU

AI Technical Summary

Problems solved by technology

[0006] The core of the method for extracting data traffic characteristics and slicing original traffic for application feature engineering in the present invention is to transform variable-length network traffic data into a fixed length to match the input dimension requiremen


Embodiment Construction

[0034] The present invention is further explained below with reference to the accompanying drawings and specific embodiments:

[0035] As shown in Figure 1, an encrypted malicious traffic detection device that supports variable-length input includes: a network traffic capture module, a data preprocessing module, a 1-dimensional convolutional neural network (1D-CNN) module, a pyramid pooling layer (PP) module, a fully connected layer module, a classifier module and a malicious traffic processing module.

[0036] The network traffic capture module collects original network traffic at the network card node; the data length of the original network traffic is not fixed.

[0037] The data preprocessing module is used to clean the original network traffic data, remove invalid traffic data, and at the same time divide the traffic data into dimensions according to bytes, convert it into a data format suitable for 1-dimensional convolutional neural network input, and obtain a variab...


Abstract

The invention belongs to the technical field of network security, and discloses an encrypted malicious traffic detection device and method supporting variable-length input, and the device comprises a network traffic capturing module, a data preprocessing module, a one-dimensional convolutional neural network module, a pyramid pooling layer module, a full connection layer module, a classifier module, and a malicious traffic processing module. According to the invention, a pyramid pooling mechanism is introduced, so the detection mechanism has the capability of processing variable-length network flow data, i.e., effective detection can be implemented when the network flow data of any dimension is input into the detection model; since the flow data does not need to be additionally processed, and the adopted data is the original flow data, the flow data is more completely and accurately reflected, and the problems of damage and loss of network data flow characteristics do not exist.
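The following sketch shows how pyramid pooling after a 1-D convolution turns flows of any byte length into a feature vector of one fixed size. It is an added illustration, not code from the patent; the kernels, the pyramid levels (1, 2, 4), the byte scaling and all function names are assumptions.

```python
import math

# Constructed kernels (assumption): an edge detector and a smoothing filter.
KERNELS = [[1.0, 0.0, -1.0], [0.25, 0.5, 0.25]]

def bytes_to_input(payload):
    """One input dimension per byte, scaled to [0, 1] (scaling is an assumption)."""
    return [b / 255.0 for b in payload]

def conv1d_relu(x, kernels):
    """Valid 1-D convolution followed by ReLU; one feature map per kernel."""
    maps = []
    for k in kernels:
        n = len(x) - len(k) + 1
        maps.append([max(0.0, sum(k[j] * x[i + j] for j in range(len(k))))
                     for i in range(n)])
    return maps

def pyramid_pool(fmap, levels=(1, 2, 4)):
    """Max-pool a feature map of any length into sum(levels) values."""
    n, out = len(fmap), []
    for bins in levels:
        for b in range(bins):
            start = (b * n) // bins
            # Every bin holds at least one element, even when n < bins.
            end = max(start + 1, math.ceil((b + 1) * n / bins))
            out.append(max(fmap[start:end]))
    return out

def fixed_length_features(payload, kernels=KERNELS, levels=(1, 2, 4)):
    """Variable-length bytes in, len(kernels) * sum(levels) floats out."""
    x = bytes_to_input(payload)
    if len(x) < max(len(k) for k in kernels):
        raise ValueError("flow is shorter than the convolution kernel")
    return [v for fmap in conv1d_relu(x, kernels)
            for v in pyramid_pool(fmap, levels)]

if __name__ == "__main__":
    # Constructed sample flows of very different lengths.
    for size in (5, 60, 1500):
        flow = bytes((i * 37) % 256 for i in range(size))
        print(size, "bytes ->", len(fixed_length_features(flow)), "features")
```

The fully connected layer that follows can therefore have a fixed input width (14 here) without truncating or padding the captured flow.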

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to an encrypted malicious traffic detection device and method supporting variable-length input.

Background technique

[0002] With the rapid development of information and communication technology, network security issues have become increasingly prominent. In order to protect communication security, various encryption technologies are widely used in the communication process. However, traffic encryption also gives criminals an opportunity. Attackers use encryption technology to hide malicious intentions, evade detection systems, and carry out covert attacks.

[0003] Due to the requirements of privacy protection, the current processing methods for encrypted traffic focus on malicious traffic detection without decryption, while machine learning, deep learning and other methods are favored by more and more enterprises and technical personnel due to their superio...


Application Information

IPC(8): H04L29/06, G06N3/04
CPC: H04L63/1441, H04L63/1408, G06N3/045
Inventor: 赵博, 翟明芳, 刘勤让, 吕平, 沈剑良, 陈艇, 高彦钊, 虎艳宾, 张文建, 张霞
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU