SSH man-in-the-middle attack detection system based on session similarity analysis

A similarity analysis and attack detection technology, applied in transmission systems, electrical components, etc. It addresses problems such as undetectable attacks, an unguaranteed server and abnormal time intervals, so as to avoid the impact on attack detection, improve detection efficiency and reduce scale.

Active Publication Date: 2021-03-12
BEIHANG UNIV

AI Technical Summary

Problems solved by technology

The interactivity of SSH makes the response time interval vary greatly. The time-interval-based detection approach for SSL focuses mainly on abnormal time intervals, which in SSH are affected too strongly by user operations, so it is not applicable.
However, detection methods that actively probe for abnormal certificates or keys have two obvious defects when faced with captured SSH encrypted traffic: detection cannot be performed by actively sending data into captured traffic; and SSH is not as public as SSL, so there is no guarantee that the server has multiple connections at the same time to provide the required comparison source.

Embodiment Construction

[0036] Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0037] The invention is an SSH man-in-the-middle attack detection system based on session similarity analysis. It selects suspicious SSH session pairs from network traffic data and then uses neural network technology to discriminate the similarity between encrypted session pairs, thereby completing the detection of man-in-the-middle attack events in the network traffic data. It includes: designing an SSH man-in-the-middle attack detection process framework based on session similarity analysis, which defines the components and detection steps of the detection scheme; designing an SSH suspicious session pair selection algorithm to effectively reduce the scale of session pairs that require similarity discrimination; proposing a sequence data representation of SSH sessions, which can effectively identify the similarity and uniqueness of SSH s...

Abstract

The invention provides an SSH man-in-the-middle attack detection system based on session similarity analysis, which selects suspicious SSH session pairs from network traffic data and then discriminates the similarity between encrypted session pairs through neural network technology, so as to complete the detection of man-in-the-middle attack events in the network traffic data. The method specifically comprises the following steps: designing an SSH man-in-the-middle attack detection process framework based on session similarity analysis, and defining the component modules and detection steps of the detection scheme; designing an SSH suspicious session pair selection algorithm, so as to effectively reduce the scale of session pairs needing similarity discrimination; providing a sequence data representation method for SSH sessions, which effectively identifies the similarity and uniqueness of SSH sessions; and constructing a session pair similarity judgment module based on an LSTM neural network and a fully connected layer neural network, achieving prediction of SSH session pair similarity and then completing the determination of man-in-the-middle attack events.
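The pair-selection step can be illustrated as follows. This is an added example, not code from the patent: the page does not give the selection algorithm, so the rule used here (the server of one session is the client of another session that overlaps it in time) is an assumption, and the `Session` fields, addresses and timestamps are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    sid: str
    client: str
    server: str
    start: float  # seconds since capture start
    end: float

def overlaps(a, b, slack):
    """True when the two sessions' lifetimes intersect, allowing `slack` seconds."""
    return a.start <= b.end + slack and b.start <= a.end + slack

def select_suspicious_pairs(sessions, slack=2.0):
    """Assumed rule: a relay is the server of one session and the client of
    another that runs at the same time. Legitimate jump hosts match too, which
    is why a similarity judgment on each pair has to follow."""
    by_client = {}
    for s in sessions:
        by_client.setdefault(s.client, []).append(s)
    pairs = []
    for inbound in sessions:
        for outbound in by_client.get(inbound.server, []):
            if outbound.server in (inbound.client, inbound.server):
                continue  # loops back to the same hosts, not a relay chain
            if outbound.start + slack < inbound.start:
                continue  # outbound leg opened well before the inbound one
            if overlaps(inbound, outbound, slack):
                pairs.append((inbound.sid, outbound.sid))
    return pairs

def pair_scale(sessions, pairs):
    """(all unordered pairs, pairs kept for similarity discrimination)."""
    n = len(sessions)
    return n * (n - 1) // 2, len(pairs)

# Constructed flow records: s1/s2 form a relay chain through 10.0.0.66.
SESSIONS = [
    Session("s1", "10.0.0.5", "10.0.0.66", 100.0, 160.0),
    Session("s2", "10.0.0.66", "10.0.0.20", 100.4, 160.2),
    Session("s3", "10.0.0.7", "10.0.0.20", 90.0, 200.0),
    Session("s4", "10.0.0.66", "10.0.0.30", 500.0, 520.0),
    Session("s5", "10.0.0.8", "10.0.0.9", 100.0, 150.0),
]

if __name__ == "__main__":
    kept = select_suspicious_pairs(SESSIONS)
    print(kept, pair_scale(SESSIONS, kept))
```

Only the pairs returned here would be passed to the similarity judgment module, which is what reduces the number of comparisons.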

Description

Technical field

[0001] The invention relates to the fields of network security and big data analysis, in particular to a system for detecting SSH (Secure Shell) man-in-the-middle attacks from network traffic data.

Background technique

[0002] The man-in-the-middle attack is a relatively subtle attack. After the relay connection is established, all plaintext information sent by the original communication parties can be viewed, which may cause very serious information leakage or network intrusion. At present, research on man-in-the-middle attack detection mainly focuses on the Secure Sockets Layer (SSL), and there are mainly two existing SSL man-in-the-middle attack detection methods: online detection and offline detection. Online detection means that the client actively detects through some mechanism during the connection process, and disconnects after detecting an attack. Existing online detection methods mainly include the following typ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1441
Inventor: 李铎坤, 郎波, 陈少杰, 王少枫
Owner: BEIHANG UNIV