Method, system and device for detecting malicious encrypted traffic based on traffic behavior

A traffic-behavior-based detection technology, applied in transmission systems, other database retrieval, biological neural network models, etc., that addresses the problem that existing traffic detection methods cannot meet the detection requirements.

Active Publication Date: 2021-09-14
BEIJING RES INST UNIV OF SCI & TECH OF CHINA +1

AI Technical Summary

Problems solved by technology

However, in the current network environment, with the introduction and use of port hopping technology, dynamic port technology, and tunnel technology, traffic detection methods based on quintuple information such as ports have been unable to meet the detection requirements.


Embodiment Construction

[0024] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0025] An embodiment of the present invention provides a method for detecting malicious encrypted traffic based on traffic behavior. As shown in Figure 1, it mainly includes the following three steps:

[0026] 1. Extract features including traffic behavior distribution and SSL/TLS protocol information from the traffic data packets to be detected, and encode the features.

[0027] 2. Extract hidden features from the encoded traffic behavior di...


Abstract

The invention discloses a method, system and equipment for detecting malicious encrypted traffic based on traffic behavior. It does not require extensive manual analysis of data packets: it only needs to extract statistical characteristics and part of the information in the SSL (Secure Sockets Layer)/TLS (Transport Layer Security) protocol fields, uses a deep neural network to process the features and obtain hidden features, then performs encrypted traffic detection, and adjusts the detection results using fingerprint information. This improves both the detection efficiency and the accuracy of malicious traffic detection.
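The feature extraction and encoding step can be illustrated as follows. This is an added example, not code from the patent: the bin edges, the cipher-suite vocabulary, the choice of packet-length and inter-arrival histograms as the "behavior distribution", and the sample flow and ClientHello are all assumptions constructed for illustration.

```python
# Constructed sample flow: (milliseconds since flow start, direction, payload bytes).
# direction +1 = client to server, -1 = server to client.
SAMPLE_FLOW = [
    (0, +1, 517), (31, -1, 1460), (32, -1, 1460), (33, -1, 812),
    (60, +1, 126), (95, -1, 51), (1100, +1, 310), (1140, -1, 290),
]
# Constructed ClientHello metadata (numeric TLS code points).
SAMPLE_HELLO = {"version": 0x0303, "ciphers": [0x1301, 0xC02F, 0x0035],
                "extensions": [0, 10, 11, 43]}

# Assumed encodings; the page does not specify bins or vocabularies.
LEN_EDGES = [0, 64, 128, 256, 512, 1024, 1500]   # packet-length bins (bytes)
IAT_EDGES = [0, 1, 10, 100, 1000]                # inter-arrival bins (ms)
KNOWN_VERSIONS = [0x0301, 0x0302, 0x0303, 0x0304]
KNOWN_CIPHERS = [0x1301, 0x1302, 0xC02F, 0xC030, 0x0035, 0x000A]

def histogram(values, edges):
    """Normalised histogram over left-closed bins; the last bin is open-ended."""
    counts = [0] * len(edges)
    for v in values:
        counts[max(i for i, e in enumerate(edges) if v >= e)] += 1
    total = sum(counts) or 1          # an empty direction yields all zeros
    return [c / total for c in counts]

def behaviour_features(flow):
    """Per-direction length distributions plus the inter-arrival distribution."""
    up = [n for _, d, n in flow if d > 0]
    down = [n for _, d, n in flow if d < 0]
    times = [t for t, _, _ in flow]
    iats = [b - a for a, b in zip(times, times[1:])]
    return (histogram(up, LEN_EDGES) + histogram(down, LEN_EDGES)
            + histogram(iats, IAT_EDGES))

def tls_features(hello):
    """One-hot protocol version, multi-hot offered ciphers, extension count."""
    version = [1.0 if hello["version"] == v else 0.0 for v in KNOWN_VERSIONS]
    ciphers = [1.0 if c in hello["ciphers"] else 0.0 for c in KNOWN_CIPHERS]
    return version + ciphers + [float(len(hello["extensions"]))]

def encode(flow, hello):
    """Fixed-length vector that a downstream classifier could consume."""
    return behaviour_features(flow) + tls_features(hello)

if __name__ == "__main__":
    print(encode(SAMPLE_FLOW, SAMPLE_HELLO))
```

Every feature here comes from packet sizes, timing and the cleartext handshake, so nothing in the flow has to be decrypted.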

Description

Technical field

[0001] The invention relates to the field of computer network and cyberspace security, in particular to a method, system and equipment for detecting malicious encrypted traffic based on traffic behavior.

Background technique

[0002] With the expansion of the scale of Internet applications, awareness of network security risk prevention continues to increase, more and more applications use encryption to protect data privacy, and the proportion of encrypted traffic in the network keeps rising. At the same time, attackers also use encryption to hide their own information. Malicious code using encrypted communication and malicious attacks over encrypted channels emerge in an endless stream, which poses great challenges to traditional rule-based traffic detection methods.

[0003] Currently, there are two mainstream methods for detecting attacks in encrypted traffic: detection after decryption and detection without decryption. Gateway ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06F16/906, G06F16/903, G06N3/04
CPC: H04L63/1416, H04L63/1441, G06F16/906, G06F16/90335, G06N3/048, G06N3/044, G06N3/045
Inventor: 陈双武, 程思雨, 马元懿, 杨锋, 杨坚, 张勇东
Owner: BEIJING RES INST UNIV OF SCI & TECH OF CHINA