
Malicious traffic detection method and device, terminal and computer readable storage medium

A malicious traffic detection technology, applied in the Internet field, that addresses problems such as one-sided detection results, inaccuracy, and a high false detection rate.

Active Publication Date: 2022-05-17
上海斗象信息科技有限公司

AI Technical Summary

Problems solved by technology

[0003] The purpose of the embodiments of the present application is to provide a malicious traffic detection method, device, terminal, and computer-readable storage medium that solve the problem in the prior art that only one detection model is used to detect malicious traffic, which results in a certain one-sidedness, inaccuracy, and a high false detection rate in the detection results.

Examples


Embodiment 1

[0056] To solve the problem in the prior art that only one detection model is used to detect malicious traffic, which results in a certain one-sidedness, inaccuracy, and a high false detection rate in the detection results, the embodiment of the present application provides a malicious traffic detection method. As shown in Figure 1, the method may include the following steps.

[0057] S11: Obtain characteristic information of the traffic to be detected.

[0058] It should be noted that the traffic to be detected in step S11 may be HTTP traffic or another type of traffic. The characteristic information may correspond to any characteristic of the traffic to be detected; for example, it may be the feature information of a request header feature, and specifically the feature information of the URL character feature in the request header. In this embodiment, the feature information of the URL characte...

Embodiment 2

[0100] The embodiment of this application provides a malicious traffic detection device which, as shown in Figure 5, includes:

[0101] An acquisition module 501, configured to acquire characteristic information of traffic to be detected;

[0102] A detection module 502, configured to input the characteristic information into a preset malicious traffic detection model library for detection, and the malicious traffic detection model library includes at least two detection models;

[0103] A determining module 503, configured to determine whether the traffic to be detected is malicious traffic according to the detection results of each detection model.

[0104] In an embodiment, the detection models in the malicious traffic detection model library include but are not limited to: at least two of ML detection models, KNN detection models, logistic regression detection models, decision tree detection models, and random forest detection models. In other embodiments, other ty...
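The three modules above, sketched as an added Python example (not code from the patent or its applicant). It assumes two URL character features, a two-model library (a KNN model and a depth-1 decision tree), a small constructed training set, and a hypothetical `min_votes` combination rule, since the page does not state how the per-model results are combined.

```python
import math

SAFE = set("/?&=._-")  # characters treated as ordinary URL syntax (assumption)

def url_features(url):
    """Acquisition step: URL character features (assumed): special-char ratio, scaled length."""
    special = sum(1 for c in url if not c.isalnum() and c not in SAFE)
    return (special / max(len(url), 1), min(len(url), 200) / 200)

def train_knn(X, y, k=3):
    """k-nearest-neighbour model: majority label among the k closest training points."""
    def predict(x):
        nearest = sorted(zip(X, y), key=lambda p: math.dist(p[0], x))[:k]
        return int(2 * sum(label for _, label in nearest) > k)
    return predict

def train_stump(X, y):
    """Depth-1 decision tree: pick the (feature, threshold) with fewest training errors."""
    best = None
    for f in range(len(X[0])):
        vals = sorted({x[f] for x in X})
        for lo, hi in zip(vals, vals[1:]):
            t = (lo + hi) / 2
            errors = sum((x[f] > t) != bool(label) for x, label in zip(X, y))
            if best is None or errors < best[0]:
                best = (errors, f, t)
    _, f, t = best
    return lambda x: int(x[f] > t)

# Constructed training set: label 1 = malicious, 0 = benign.
TRAIN = [
    ("/index.html", 0), ("/products?id=42&sort=asc", 0),
    ("/static/css/site.css", 0), ("/blog/2022/05/release-notes", 0),
    ("/search?q=<script>alert(1)</script>", 1), ("/item?id=1' OR '1'='1", 1),
    ("/page?name=%3Cimg%20src%3Dx%3E", 1), ("/item?id=1 UNION SELECT 1,2,3--", 1),
]
X = [url_features(u) for u, _ in TRAIN]
y = [label for _, label in TRAIN]
MODEL_LIBRARY = {"knn": train_knn(X, y), "tree": train_stump(X, y)}

def detect(url, min_votes=2):
    """Detection + determining steps: run every model, then combine the votes.
    min_votes is an assumed rule; the page does not say how results are combined."""
    feats = url_features(url)
    votes = {name: model(feats) for name, model in MODEL_LIBRARY.items()}
    return sum(votes.values()) >= min_votes, votes

if __name__ == "__main__":
    for u in ["/about/team.html", "/search?q=rock+roll+music", "/news?id=7' OR 'x'='x"]:
        print(u, detect(u))
```

The benign query `/search?q=rock+roll+music` is flagged by the tree alone, so requiring both votes suppresses that false positive, while `min_votes=1` would report it.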

Embodiment 3

[0109] Based on the same inventive concept, the embodiment of this application provides a terminal. As shown in Figure 6, it includes a processor 601 and a memory 602; the memory 602 stores a computer program, and the processor 601 executes the computer program to implement the steps of the method in the first embodiment above, which will not be repeated here.

[0110] It should be noted that the device in this embodiment may be a PC (personal computer), a mobile phone, a tablet computer, a notebook computer, a virtual host, and the like. It can also be a rack server, a blade server, a tower server, or a cabinet server (including an independent server, or a server cluster composed of multiple servers) and the like.

[0111] It can be understood that the structure shown in Figure 6 is for illustration only; the device may include more or fewer components than shown in Figure 6, or have a configuration different from that shown in Figure 6.

[0112] The ...


Abstract

The invention provides a malicious traffic detection method and device, a terminal, and a computer-readable storage medium. The method comprises the steps of: obtaining the feature information of the traffic to be detected; inputting the feature information into a preset malicious traffic detection model library for detection, the malicious traffic detection model library comprising at least two detection models; and determining whether the traffic to be detected is malicious traffic according to the detection result of each detection model. In the implementation process, at least two detection models are preset, so that whether the traffic to be detected is malicious traffic can be determined according to the detection results of the at least two detection models. The defect that detection and judgment are carried out through only one detection model is overcome, the detection efficiency is improved, and the detection result is more accurate.

Description

Technical field

[0001] The present application relates to the technical field of the Internet, and in particular, to a malicious traffic detection method, device, terminal, and computer-readable storage medium.

Background technique

[0002] With the rapid development of Internet technology, the number of malicious software using HTTP traffic for communication is gradually increasing. To ensure information security, it is necessary to detect malicious traffic. At present, machine learning is usually used to detect malicious traffic. For example, machine learning can be used to discover the commonality between malicious traffic and detect malicious traffic based on this. However, at present, when detecting malicious traffic, it is usually based on a detection model, that is, only through the detection results of one detection model to determine whether the traffic to be detected is malicious traffic. Therefore, the detection results are not accurate enough, and there are certa...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, G06K9/62
CPC: H04L63/1408, G06F18/24
Inventor: 徐钟豪, 陈伟, 谢忱, 徐伟, 刘伟
Owner: 上海斗象信息科技有限公司