SSH man-in-the-middle attack detection system based on session similarity analysis

A technology of similarity analysis and attack detection, applied in transmission systems, electrical components, etc., can solve problems such as undetectable, unguaranteed server, abnormal time interval, etc., to avoid the impact of attack detection, improve detection efficiency, and reduce the effect of scale.
CN112491867A · Active · Publication Date: 2021-03-12 · BEIHANG UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIHANG UNIV
Publication Date
2021-03-12


Abstract

The invention provides an SSH man-in-the-middle attack detection system based on session similarity analysis, which selects a suspicious SSH session pair from network traffic data, and then discriminates the similarity between encrypted session pairs through a neural network technology so as to complete the detection of a man-in-the-middle attack event in the network traffic data. The method specifically comprises the following steps: designing an SSH man-in-the-middle attack detection process framework based on session similarity analysis, and defining composition modules and detection steps of a detection scheme; designing an SSH suspicious session pair selection algorithm, so as to effectively reduce the session pair scale needing similarity discrimination; providing a sequence data representation method of the SSH session, and effectively identifying the similarity and uniqueness of the SSH session; constructing a session pair similarity judgment module based on an LSTM neural network and a fully connected layer neural network, achieving prediction of SSH session pair similarity, and then completing determination of man-in-the-middle attack events.

Description

Technical field

[0001] The invention relates to the fields of network security and big data analysis, in particular to a system for detecting SSH (Secure Shell) man-in-the-middle attacks from network traffic data.

Background technique

[0002] The man-in-the-middle attack is a relatively subtle attack. After the relay connection is established, all plaintext information sent by the original communication parties can be viewed, which may cause very serious information leakage or network intrusion. At present, the research on man-in-the-middle attack detection mainly focuses on the Secure Sockets Layer (SSL), and there are mainly two existing SSL man-in-the-middle attack detection methods, which are online detection and offline detection. Online detection means that the client actively detects through some mechanism during the connection process, and disconnects after detecting an attack. Existing online detection methods mainly include the following typ...
