Malicious encrypted traffic detection method and device

A malicious encrypted traffic detection technology, applied in the field of network security, that addresses problems such as high computation and time overhead, dependence on human expertise, and unsatisfactory detection when relying on single-flow statistical characteristics or data representations, in order to achieve accurate detection and high robustness.

Active Publication Date: 2022-01-18
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0008] Embodiments of the present invention provide a malicious encrypted traffic detection method and device to eliminate or improve one or more defects existing in the prior art, and to solve the problems that prior-art detection of malicious encrypted traffic incurs large computation and time overheads, relies too much on human expertise, and pays too much attention to the statistical characteristics or data representation of a single stream, which leads to unsatisfactory detection results.


Embodiment Construction

[0053] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in further detail below in conjunction with the embodiments and accompanying drawings. Here, the exemplary embodiments and descriptions of the present invention are used to explain the present invention, but not to limit the present invention.

[0054] Here, it should also be noted that, in order to avoid obscuring the present invention with unnecessary details, only the structures and/or processing steps closely related to the solution according to the present invention are shown in the drawings, and other details of little relevance to the invention are omitted.

[0055] It should be emphasized that the term "comprising/including" when used herein refers to the presence of a feature, element, step or component, but does not exclude the presence or addition of one or more other features, elements, steps or components.

[0056] Among ...


Abstract

The invention provides a malicious encrypted traffic detection method and device. The method builds an encrypted graph by mining the association relations between encrypted sessions in encrypted traffic, converting isolated single-stream analysis into collaborative multi-stream analysis. It also proposes two types of attributes for describing encrypted malicious traffic: credibility, evaluated from handshake information, and stationarity, evaluated from the TLS record length sequence. The credibility value and stationarity value of the encrypted session to be evaluated are comprehensively analyzed and calculated through a graph attention network. These values are then input into a pre-trained feedforward neural network to obtain a maliciousness score, which is used to identify encrypted malicious traffic. By mining the relationships between encrypted sessions, the invention makes the detection of malicious encrypted traffic more accurate and more robust.
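
As an added illustration of the multi-stream analysis described in the abstract (not code from the patent): the sketch below links constructed sample sessions into a graph, derives a stationarity value from each TLS record length sequence, and runs one attention-style aggregation over each session's neighbours. The edge rule (shared client IP or SNI), the stationarity formula, the precomputed credibility values and the untrained distance-based weights are all assumptions made for this example.

```python
import math
from itertools import combinations
from statistics import mean, pstdev

# Constructed sample sessions (not real captures). "cred" is a handshake
# credibility in [0, 1], assumed to be computed elsewhere.
SESSIONS = {
    "s1": {"client": "10.0.0.5", "sni": "cdn.example.net", "cred": 0.9,
           "records": [517, 1400, 1400, 230, 1400, 88]},
    "s2": {"client": "10.0.0.7", "sni": "upd.example.org", "cred": 0.2,
           "records": [310, 310, 310, 310, 310, 310]},
    "s3": {"client": "10.0.0.7", "sni": "upd.example.org", "cred": 0.3,
           "records": [310, 312, 310, 310, 311, 310]},
    "s4": {"client": "10.0.0.7", "sni": "mail.example.com", "cred": 0.8,
           "records": [517, 90, 1400, 640, 1200, 75]},
}

def stationarity(records):
    """Assumed measure: 1 / (1 + coefficient of variation); 1.0 = constant lengths."""
    return 1.0 / (1.0 + pstdev(records) / mean(records))

def build_graph(sessions):
    """Assumed association rule: link sessions sharing a client IP or an SNI."""
    adj = {sid: set() for sid in sessions}
    for a, b in combinations(sessions, 2):
        same_client = sessions[a]["client"] == sessions[b]["client"]
        same_sni = sessions[a]["sni"] == sessions[b]["sni"]
        if same_client or same_sni:
            adj[a].add(b)
            adj[b].add(a)
    return adj

def features(sessions):
    """Per-session (credibility, stationarity) pair, before any graph step."""
    return {sid: (s["cred"], stationarity(s["records"])) for sid, s in sessions.items()}

def attend(sid, adj, feats):
    """One attention-style aggregation over a session and its neighbours.
    Weights are a softmax of negative feature distance: an untrained stand-in
    for the learned coefficients of a graph attention network."""
    nodes = [sid, *sorted(adj[sid])]
    scores = [-math.dist(feats[sid], feats[n]) for n in nodes]
    z = sum(math.exp(x) for x in scores)
    weights = [math.exp(x) / z for x in scores]
    return tuple(sum(w * feats[n][k] for w, n in zip(weights, nodes)) for k in range(2))
```

An isolated session keeps its own values, while a session that shares a client with others has its credibility and stationarity pulled towards those of its neighbours, which is the difference between single-stream and multi-stream scoring.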

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for detecting malicious encrypted traffic.

Background art

[0002] Encrypted traffic on the web is increasing rapidly. Security protocols such as SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are widely used to establish trusted encrypted connections, which effectively guarantee the confidentiality and integrity of network communications. Google's Transparency Report shows that more than 95% of traffic passing through Google is encrypted. Encryption as a security measure leaves a gray area of traffic in which attackers can hide their malicious activities, such as malware delivery, C&C (Command & Control) channels, and data exfiltration. Related reports show that since 2019, the number of cyber attacks using encrypted channels to bypass traditional security controls has increased rapidly by 260%. Meanwhile, nearly a quarte...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, G06N3/04, G06N3/08
CPC: H04L63/1408, H04L63/1416, G06N3/084, G06N3/044, G06N3/045
Inventor: 杨彦青, 赵键锦, 李祺
Owner: BEIJING UNIV OF POSTS & TELECOMM