Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for identifying flow of application program under SSR proxy based on machine learning

An application and traffic identification technology, applied in the field of network security, can solve the problem of low application identification accuracy, improve the identification accuracy and reliability, and complete the identification.

Pending Publication Date: 2022-01-14
XIDIAN UNIV
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method is based on the machine learning random forest algorithm and is used to identify APP traffic under the ShadowsocksR proxy, which can solve the problem of low accuracy of application identification under the ShadowsocksR proxy in existing research

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for identifying flow of application program under SSR proxy based on machine learning
  • Method for identifying flow of application program under SSR proxy based on machine learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0084] Embodiment one: refer to figure 1 and figure 2 , the application traffic identification method under the SSR agent based on machine learning proposed by the present invention, specifically includes the following steps:

[0085] Step 1. Obtain the traffic data of the smart phone, and preprocess it according to the following steps:

[0086] (1a) select the TCP data packet in the non-retransmission data packet in the traffic data to form the original data set;

[0087] (1b) According to the arrival time of the data packets in the original data set, sort all the data packets in ascending order, and obtain the original data set after sorting;

[0088] (1c) Group the data packets in the sorted original data set according to the following rules to obtain the burst data set B:

[0089] (1c1) taking the first data packet in the original data set after sorting as the first data packet of the first data burst group;

[0090] (1c2) After traversing the data packets in the orig...

Embodiment 2

[0155] Embodiment 2: The implementation steps of this embodiment are the same as those of Embodiment 1. For some of the settings and parameters given preferred values, the technical solution of the present invention is further described as follows:

[0156] Step 1) Obtain smart phone traffic data, and preprocess the smart phone traffic data:

[0157] Step 1a) needs to turn on the hotspot of the computer with the wireless network card, and connect the smartphone used for the experiment to the hotspot. Open the ShadowsocksR agent on the smartphone, run the applications Telegram, Youtube, Twitter and Instagram respectively, and clean up all the applications that can be closed in the background when running an application. At this time, the traffic generated by the smartphone will all flow through the computer with the hotspot turned on. By enabling WireShark packet capture on the computer with the hotspot enabled, you can obtain all the traffic of the corresponding application t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a Method for identifying the flow of AN application program under SSR (ShadowsocksR) proxy based on machine learning The method is used for solving the problem of low application flow identification accuracy under SSR proxy in the prior art. According to the scheme, the method comprises the following steps: 1) collecting and preprocessing smart phone traffic data to obtain a stream data set; 2) acquiring a time interval statistical feature vector set, a time interval distribution feature vector set, a data packet length statistical feature set, a data packet length uniform distribution feature set, a data packet length logarithm distribution feature set and a data packet length sequence feature set of the stream data set, and combining into a feature matrix; 3) acquiring a training set and a test set of the application program under the SSR proxy by using the feature matrix; and 4) generating a multi-classification model based on a random forest algorithm, and obtaining an application flow identification result under the SSR proxy by using the model. According to the method, the model can more accurately identify the application program traffic under the SSR proxy, and the identification reliability is effectively improved.

Description

technical field [0001] The invention belongs to the technical field of network security, and further relates to a traffic identification method, in particular to a machine learning-based application program traffic identification method under SSR (ShadowsocksR) proxy. It can be used by relevant departments to supervise vulnerable applications or offensive malicious applications in the local area network, and to screen out potentially dangerous overseas application traffic to maintain network security. Background technique [0002] The function of a virtual private network VPN (Virtual Private Network) is to establish a private network on a public network, so as to realize encrypted communication, and it is widely used in enterprise networks. A common VPN is implemented based on the IPSec protocol and is divided into two parts: the client and the server. Before the communication data is transmitted, the client and the server need to confirm the encryption key through key neg...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06K9/62G06N20/00H04L9/40
CPCG06N20/00H04L63/145H04L63/1416G06F18/24323
Inventor 杨超郭刚李玥陈明哲张琨郑昱
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products