
Malicious traffic detection method and system, computer and medium

A malicious traffic detection technology, applied in computer components, computing, computing models, etc. It addresses the problems of unrepresentative features, increased network forwarding delay, and the reduced accuracy of port-number-based detection methods, with the effect of improving generalization ability, safety and versatility.

Pending Publication Date: 2021-11-26
GUANGZHOU UNIVERSITY

AI Technical Summary

Problems solved by technology

Although the above-mentioned malicious traffic detection methods can detect malicious traffic to a certain extent, each has defects that cannot be ignored in practical applications:

(1) Port-number-based detection is very simplistic. Attackers can use well-known port numbers, or avoid standard registered port numbers, to reduce its accuracy and bypass detection of malicious traffic.

(2) Deep packet inspection can only handle unencrypted traffic. To process encrypted traffic, the traffic must be decrypted and then analyzed, which requires a large amount of computing resources and has very high time complexity, greatly increasing the forwarding delay of the network.

(3) Machine-learning-based detection generalizes poorly, for several reasons: it uses pre-processed public data sets that have lost a large number of features and are unrepresentative; most of the features include only field information from the TLS handshake messages, without considering HTTP and DNS context information or the spatial and timing information of message interaction; and training a single machine learning model easily falls into a local optimum.


Embodiment Construction

[0064] To make the purpose, technical solutions and beneficial effects of the present application clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. Obviously, the embodiments described below are only some of the embodiments of the present invention; they illustrate the invention and are not intended to limit its scope. All other embodiments obtained on the basis of the embodiments of the present invention without creative labor fall within the scope of protection of the present invention.

[0065] The present invention provides a malicious traffic detection method based on a multi-voting model. It can be applied on a server or a terminal device as shown in figure 1 to identify malicious traffic, and is a detection method with high accuracy, a low false alarm rate, strong security and high versatility; that is, the malicious traffic detection method shown in figure 2 is used for training to ...


Abstract

The invention provides a malicious traffic detection method and system, a computer and a medium. The method comprises the following steps: acquiring traffic data to be detected; extracting a to-be-analyzed field information set of the to-be-detected traffic data, and dividing the to-be-analyzed field information set into a training set and a test set according to a preset proportion; determining to-be-analyzed features of the training set and the test set; inputting the to-be-analyzed features of the training set into a plurality of preset classifiers for training, and integrating the plurality of preset classifiers through a soft voting method to obtain a malicious traffic detection model; and inputting the to-be-analyzed features of the test set into the malicious traffic detection model for testing to obtain a prediction result. The technical effect that malicious traffic can be accurately recognized without decryption is achieved, the generalization ability and safety of the malicious traffic detection model are improved, and the invention can be deployed on different firewalls, intrusion detection systems and intrusion prevention systems and has good universality.
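The split, train and soft-vote steps of the abstract can be sketched as follows. This is an added example, not code from the patent: the three stand-in classifiers, the two flow features and the sample flows are assumptions constructed for illustration, since the page does not name the patent's classifiers or feature set.

```python
import math, random, statistics as st

class GaussianNB:
    def fit(self, X, y):
        self.stats = {}
        for c in (0, 1):
            cols = list(zip(*[x for x, t in zip(X, y) if t == c]))
            self.stats[c] = ([st.fmean(v) for v in cols],
                             [st.pvariance(v) + 1e-6 for v in cols], len(cols[0]) / len(X))
        return self
    def predict_proba(self, x):  # P(malicious | x) from the two class log-likelihoods
        l0, l1 = (math.log(p) + sum(-0.5 * math.log(2 * math.pi * s) - (v - m) ** 2 / (2 * s)
                                    for v, m, s in zip(x, mu, var))
                  for mu, var, p in (self.stats[0], self.stats[1]))
        return 1 / (1 + math.exp(min(l0 - l1, 700.0)))

class KNN:
    def fit(self, X, y, k=3):
        self.data, self.k = list(zip(X, y)), k
        return self
    def predict_proba(self, x):  # share of malicious flows among the k nearest
        near = sorted(self.data, key=lambda p: math.dist(p[0], x))[:self.k]
        return sum(t for _, t in near) / self.k

class NearestCentroid:
    def fit(self, X, y):
        self.cent = [[st.fmean(v) for v in zip(*[x for x, t in zip(X, y) if t == c])]
                     for c in (0, 1)]
        return self
    def predict_proba(self, x):  # relative closeness to the malicious centroid
        d0, d1 = (math.dist(x, c) for c in self.cent)
        return d0 / (d0 + d1) if d0 + d1 else 0.5

def soft_vote(probs, threshold=0.5):  # average the probabilities, then decide
    return int(sum(probs) / len(probs) >= threshold)

def hard_vote(probs):  # majority of per-model labels, shown for contrast
    return int(2 * sum(p >= 0.5 for p in probs) > len(probs))

def run(seed=7, train_share=0.7):
    rng = random.Random(seed)
    # Constructed flows (hypothetical features): [offered cipher suites, TLS extensions]; 1 = malicious
    flows = [([20 + rng.uniform(-2, 2), 14 + rng.uniform(-2, 2)], 0) for _ in range(20)]
    flows += [([4 + rng.uniform(-2, 2), 3 + rng.uniform(-2, 2)], 1) for _ in range(20)]
    rng.shuffle(flows)
    cut = int(len(flows) * train_share)  # preset train/test proportion
    (Xtr, ytr), (Xte, yte) = (tuple(zip(*part)) for part in (flows[:cut], flows[cut:]))
    models = [m.fit(Xtr, ytr) for m in (GaussianNB(), KNN(), NearestCentroid())]
    preds = [soft_vote([m.predict_proba(x) for m in models]) for x in Xte]
    return sum(p == t for p, t in zip(preds, yte)) / len(yte)
```

Soft voting lets one confident model outweigh two uncertain ones: for per-model probabilities 0.45, 0.45 and 0.95 the averaged vote flags the flow as malicious, while a majority of hard labels would pass it as benign.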

Description

Technical field

[0001] The present invention relates to malicious traffic detection technology, and in particular to a malicious traffic detection method based on a multi-voting model, and to a corresponding system, computer apparatus and storage medium.

Background technique

[0002] With the rapid development of Internet technology, online chat, shopping, payment and transfers, entertainment, and corporate communications have gradually become an indispensable part of social life. To protect the security of personal and business information on the Internet, the TLS (Transport Layer Security) protocol emerged to ensure the confidentiality and integrity of application-layer data. According to Google's Transparency Report "HTTPS encryption in Chrome", the proportion of web pages loaded in Chrome with encryption enabled has already reached 95%. However, not all users who encrypt traffic with the TLS protocol are legitimate: a large number of attackers also use the TLS prot...


Application Information

IPC(8): G06K9/62, G06N20/00
CPC: G06N20/00, G06F18/241, G06F18/214
Inventor: 仇晶, 朱程威, 顾钊铨, 丁杰, 李鉴明, 周玲, 从悦, 田志宏, 苏申, 王乐, 李树栋
Owner GUANGZHOU UNIVERSITY