Network malicious encrypted traffic identification method and system

A network traffic identification technology, applied in the field of encrypted traffic identification, that can solve the problem of low identification accuracy and efficiency.

Active Publication Date: 2021-06-11
GUANGDONG UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0004] This application provides a method and system for identifying malicious encrypted traffic on the network. It solves the technical problem that existing malicious encrypted traffic identification methods, which adopt CNN and RNN, have low identification accuracy and efficiency.

Examples

Embodiment 1

[0040] For ease of understanding, see figure 1. The present application provides an embodiment of a network malicious encrypted traffic identification method, including:

[0041] Step 101. Obtain a complete two-way flow network traffic data sample carrying data information. The network traffic data sample includes a malicious encrypted traffic data sample and a normal encrypted traffic data sample.

[0042] It should be noted that, in the embodiment of the present application, network traffic data is first collected and qualifying traffic data samples are extracted. A traffic data sample qualifies if its total number of network traffic data packets is between 20 and 1000, it carries information, and it is a complete two-way flow. In addition, all collected traffic data should be encrypted traffic, and the number of normal encrypted traffic data samples ranges from 100,000 to 500,000, so that the number of samples is sufficien...
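The sample-selection conditions in [0042] can be applied as a flow filter ahead of preprocessing. The following is an added example, not code from the patent: the packet record fields, the helper names and the reading of "complete two-way flow" (traffic in both directions, opened by a SYN and closed by FIN or RST) are assumptions, and the input flows are constructed.

```python
from collections import defaultdict

MIN_PKTS, MAX_PKTS = 20, 1000  # packet-count bounds stated in [0042]

def flow_key(pkt):
    """Direction-independent key so both directions land in one flow."""
    a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
    return (min(a, b), max(a, b), pkt["proto"])

def qualified_flows(packets):
    """Return {flow_key: [packets]} for flows meeting the sample conditions."""
    flows = defaultdict(list)
    for pkt in packets:
        flows[flow_key(pkt)].append(pkt)
    kept = {}
    for key, pkts in flows.items():
        initiator = (pkts[0]["src"], pkts[0]["sport"])
        fwd = [p for p in pkts if (p["src"], p["sport"]) == initiator]
        rev = [p for p in pkts if (p["src"], p["sport"]) != initiator]
        in_range = MIN_PKTS <= len(pkts) <= MAX_PKTS
        carries_data = any(p["payload_len"] > 0 for p in pkts)
        # Assumption: "complete" means the flow starts with a SYN and contains
        # a FIN or RST; the page does not define the term.
        opened = "S" in pkts[0]["flags"]
        closed = any("F" in p["flags"] or "R" in p["flags"] for p in pkts)
        if in_range and carries_data and fwd and rev and opened and closed:
            kept[key] = pkts
    return kept

def make_flow(client_port, n_data, two_way=True, close=True):
    """Constructed sample flow: handshake, n_data records, optional FIN."""
    c, s = ("10.0.0.5", client_port), ("203.0.113.9", 443)
    def pkt(frm, to, flags, size=0):
        return {"src": frm[0], "sport": frm[1], "dst": to[0], "dport": to[1],
                "proto": "tcp", "flags": flags, "payload_len": size}
    out = [pkt(c, s, "S")]
    if two_way:
        out += [pkt(s, c, "SA"), pkt(c, s, "A")]
    for i in range(n_data):
        frm, to = (c, s) if (i % 2 == 0 or not two_way) else (s, c)
        out.append(pkt(frm, to, "PA", 517))
    if close:
        out.append(pkt(c, s, "FA"))
    return out

# Constructed input: one qualifying flow, then too short, one-way, unclosed, too long.
SAMPLE = (make_flow(40001, 30) + make_flow(40002, 5) + make_flow(40003, 30, two_way=False)
          + make_flow(40004, 30, close=False) + make_flow(40005, 1200))
```

Only the first constructed flow passes; the other four each fail exactly one condition, which makes the filter easy to audit when a training set turns out smaller than expected.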

Embodiment 2

[0054] The present application provides an embodiment of a network malicious encrypted traffic identification system, including:

[0055] The acquiring unit is configured to acquire a complete bidirectional flow network traffic data sample carrying data information, and the network traffic data sample includes a malicious encrypted traffic data sample and a normal encrypted traffic data sample.

[0056] The preprocessing unit is configured to perform data preprocessing on the network traffic data samples.

[0057] A modeling unit, configured to input the preprocessed network traffic data samples into the ResNet-BiLSTM algorithm model, and train the ResNet-BiLSTM algorithm model.

[0058] The identification unit is used to identify malicious encrypted traffic using the trained ResNet-BiLSTM algorithm model.

[0059] In the embodiment of the present application, network traffic data collection is first performed, and qualified traffic data samples are extracted. Among them, th...

Abstract

The invention discloses a method and system for identifying malicious encrypted network traffic. In the spatial dimension, the convolution layer of a ResNet-BiLSTM algorithm model extracts effective features, and a ResNet-Inception layer addresses the problem that deep networks suffer from vanishing gradients and are difficult to train. In the time dimension, a bidirectional LSTM network learns the latent temporal features between network traffic. Recognition accuracy and the execution efficiency of the classifier are thereby both improved, malicious encrypted traffic is recognized without invading user privacy, and the technical problem that existing CNN- and RNN-based recognition of malicious encrypted traffic has low accuracy and efficiency is solved.

Description

Technical field

[0001] The present application relates to the technical field of encrypted traffic identification, and in particular to a method and system for identifying malicious encrypted traffic on a network.

Background technique

[0002] With the rapid development of Internet networks and online applications, more and more network traffic is encrypted to ensure communication security and privacy. However, attackers can also use encryption to hide their information and whereabouts. Detecting malicious traffic within encrypted traffic is therefore an urgent need.

[0003] TLS encryption technology sits between the transport layer and the application layer to provide confidentiality and data integrity between two communicating applications. On the one hand, it provides encryption and security protection for communication between hosts, which effectively prevents man-in-the-middle attacks and ensures reliable data transmission. On the other hand, it makes it difficult to...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N3/04, G06N3/08, H04L29/06
CPC: G06N3/08, H04L63/1441, H04L63/1425, G06N3/044, G06F18/2414, G06F18/2415
Inventor: 柳毅, 戚子健, 罗玉, 胡晓敏, 李敏
Owner GUANGDONG UNIV OF TECH