Method and system for multi-stream correlation analysis and identification of private encrypted data

A technology for encrypted data and correlation analysis, applied in the fields of digital transmission systems, transmission systems, character and pattern recognition, etc., that addresses the low accuracy and efficiency of feature code identification of encrypted data.

Active Publication Date: 2022-04-08
永信至诚科技集团股份有限公司 +1

AI Technical Summary

Problems solved by technology

[0010] To this end, the present invention provides a method and system for multi-stream correlation analysis and identification of private encrypted data, suitable for capturing, filtering, and identifying network encrypted data. It identifies network encrypted data by combining port-based identification with feature codes and multi-stream correlation analysis. Building on the original information entropy idea, it proposes a binary discrete method to address the low accuracy and efficiency of traditional identification of encrypted data based on ports and feature codes.


Examples


Embodiment 1

[0079] In Embodiment 1, while the data to be identified is being loaded, it is collected through a Gigabit (or 10 Gigabit) Ethernet port in cooperation with the high-speed driver module of the network card.

[0080] The collected data is parsed according to the four-layer TCP/IP model (Ethernet layer, network layer, transport layer, application layer) to obtain the standard protocol fields. These standard protocol fields serve as the comparison object and as the basis for the logical judgment in private protocol identification. The protocol analysis process and content for the different layers are as follows:

[0081] 1) Ethernet layer protocol analysis:

[0082] Parse the VLAN, PPPoE and MPLS protocols, as well as user-defined Ethernet protocols or additional private protocol data added to Ethernet; the parsing yields the MAC address, VLAN ID, network layer protocol ID and other fields.

[0083] 2) Network layer protocol anal...

Embodiment 2

[0122] See Figure 3. Embodiment 2 of the present invention also provides a system for multi-stream correlation analysis and identification of private encrypted data, including a first-class private encrypted data identification unit 1, a second-class private encrypted data identification unit 2, and an engine reporting unit 3. The first-class private encrypted data identification unit 1 obtains non-class-one private encrypted data; the second-class private encrypted data identification unit 2 performs second-class private encrypted data identification on the non-class-one private encrypted data; the engine reporting unit 3 reports the identified first-class and second-class private encrypted data to the engine.

[0123] The second type of private encrypted data identification unit 2 includes:

[0124] The non-class private encrypted data input subunit 201 is used to obtain the non-class private encrypted data, an...

Embodiment 3

[0154] Embodiment 3 of the present invention provides a non-transitory computer-readable storage medium. The computer-readable storage medium stores program code for the method of identifying private encrypted data through multi-stream correlation analysis; the program code includes instructions for performing the method of Embodiment 1 or any possible implementation thereof.

[0155] The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a Solid State Disk (SSD)).


Abstract

A method and system for identifying private encrypted data through multi-stream correlation analysis, comprising: identifying first-class private encrypted data, and obtaining non-class-one private encrypted data through the first-class identification process; performing second-class private encrypted data identification on the non-class-one private encrypted data; and reporting the identified first-class and second-class private encrypted data to the engine. The second-class identification obtains the non-class-one private encrypted data and performs data flow correlation analysis on it: the feature code and port of the second-class private encrypted data are preset; the first session is identified by its first source IP, first source port, first destination IP and first destination port; the feature code and port are matched to determine whether the first session belongs to the second class of private encrypted data; and if it does, the identification process for subsequent sessions is carried out. The invention realizes dynamic analysis of specific private encrypted data, widens the recognition range and applicable scenarios, and improves the utilization rate of massive data in the network.
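The two-stage flow in the abstract, sketched as an added example (not code from the patent or its owner): a first session is matched on a preset port plus a feature code at a payload offset, and later sessions are then correlated to it. The feature code, offset, port, 30-second window and the "same source/destination host pair" correlation rule are all assumptions, since the page does not disclose how subsequent sessions are identified.

```python
from dataclasses import dataclass

# Constructed values: the page does not disclose a real feature code, port,
# offset or time window, so everything below is a labelled assumption.
FEATURE_CODE = bytes.fromhex("a1b2c3d4")   # hypothetical signature bytes
FEATURE_OFFSET = 0                          # hypothetical payload offset
FEATURE_PORT = 9443                         # hypothetical preset port
WINDOW_SECONDS = 30.0                       # assumed correlation window

@dataclass(frozen=True)
class Session:
    ts: float
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes                          # first TCP payload of the session

def is_first_session(s: Session) -> bool:
    """Preset port AND feature code at the preset payload offset."""
    window = s.payload[FEATURE_OFFSET:FEATURE_OFFSET + len(FEATURE_CODE)]
    return s.dst_port == FEATURE_PORT and window == FEATURE_CODE

def classify(sessions):
    """Label sessions in time order; correlate later flows to a matched first session."""
    anchors = {}                            # (src_ip, dst_ip) -> ts of first session
    labels = []
    for s in sorted(sessions, key=lambda x: x.ts):
        pair = (s.src_ip, s.dst_ip)
        if is_first_session(s):
            anchors[pair] = s.ts
            labels.append("class2-first")
        elif pair in anchors and s.ts - anchors[pair] <= WINDOW_SECONDS:
            # Assumed rule: same host pair, inside the window, any port/payload.
            labels.append("class2-correlated")
        else:
            labels.append("unknown")
    return labels

# Constructed sample flows (documentation address ranges).
SAMPLE = [
    Session(0.0, "192.0.2.10", 50000, "198.51.100.5", 9443, FEATURE_CODE + b"\x00\x01"),
    Session(5.0, "192.0.2.10", 50001, "198.51.100.5", 40112, b"\x8f\x13\x77\x02"),
    Session(6.0, "192.0.2.77", 50002, "198.51.100.5", 40112, b"\x8f\x13\x77\x02"),
    Session(7.0, "192.0.2.99", 50003, "198.51.100.5", 9443, b"\x00\x00\x00\x00"),
    Session(60.0, "192.0.2.10", 50004, "198.51.100.5", 40113, b"\x55\xaa\x10\x20"),
]

if __name__ == "__main__":
    for s, label in zip(SAMPLE, classify(SAMPLE)):
        print(s.src_ip, s.dst_port, label)
```

The second flow carries no signature and uses a different port, yet is labelled through its association with the first; the last three are rejected for a different source host, a port match without the feature code, and an expired window respectively.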

Description

Technical field

[0001] The invention relates to a method and system for multi-stream correlation analysis and identification of private encrypted data, belonging to the technical field of encrypted data processing.

Background technique

[0002] Currently, the identification of private encrypted data mainly includes the following schemes:

[0003] First, use signatures to identify encrypted data. This mainly works by judging whether the bytes at a given offset of the TCP payload equal a specific value: if they do, the data is considered to be encrypted data, and if not, the data is considered not to be encrypted data.

[0004] Second, use ports to identify encrypted data. The client communicates with the server, passing encrypted information. Before a communication connection is established, the server needs to listen on a certain port and wait for the connection from the client. In this way, encrypted data can be identified using port characteristics. Typically, these ports are...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06K9/62, H04L9/40
CPC: H04L63/0236, H04L63/10, G06F18/22, G06F18/241
Inventor: 蔡晶晶, 陈俊, 张雪峰, 康传鹏, 于秋梅
Owner 永信至诚科技集团股份有限公司