Detection method for encrypted traffic of confused KCP protocol

A detection method for obfuscated traffic, applied in transmission systems, electrical components, etc. It addresses the inability of existing techniques to identify obfuscated KCP protocol traffic and to meet the supervision needs of network regulators, and achieves the effect of resisting unstable factors.

Pending Publication Date: 2022-05-24
NANJING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

Existing technologies such as packet flow analysis cannot identify obfuscated KCP protocol traffic and can no longer meet the supervision needs of network regulators. New screening methods are therefore urgently needed.

Embodiment Construction

[0015] The present invention is directed to a detection method for an encrypted proxy channel of an obfuscated KCP protocol, which specifically includes the following steps:

[0016] Step 1: Based on the libpcap network library, the mixed UDP traffic is split into flows according to the five-tuple (source address, destination address, source port, destination port, protocol) and time information; the resulting UDP flow information is sent to the cache queue one by one.

[0017] Step 2: Read the UDP traffic information from the cache queue one by one, extract the packet payload information, and identify the masquerading application type; filter the application protocol field, extract the 1-22 bytes of payload information after the masquerading layer, and check conformance to the KCP protocol format; if it does not conform to the KCP protocol format, further identify whether the payload content is the obfuscated KCP prot...
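The flow splitting of Step 1 and the plain-KCP conformance check of Step 2, as an added example that is not code from the patent. It assumes the 24-byte little-endian segment header of the reference KCP implementation (conv, cmd, frg, wnd, ts, sn, una, len); the 60-second idle timeout, the `skip` parameter for the masquerade layer, the result labels, and the sample packets are all constructed for illustration.

```python
import struct
from collections import defaultdict

# Reference KCP segment header, little-endian: conv, cmd, frg, wnd, ts, sn, una, len
KCP_HDR = struct.Struct("<IBBHIIII")          # 24 bytes
KCP_CMDS = {81, 82, 83, 84}                   # PUSH, ACK, WASK, WINS
FLOW_IDLE = 60.0                              # assumed idle gap (s) that ends a flow

def split_flows(packets, idle=FLOW_IDLE):
    """Step 1: group (ts, src, sport, dst, dport, payload) UDP records by
    five-tuple; a silence longer than `idle` starts a new flow instance."""
    flows, last_seen, gen = defaultdict(list), {}, defaultdict(int)
    for ts, src, sport, dst, dport, payload in sorted(packets, key=lambda p: p[0]):
        key = (src, sport, dst, dport, "udp")
        if key in last_seen and ts - last_seen[key] > idle:
            gen[key] += 1
        last_seen[key] = ts
        flows[key + (gen[key],)].append(payload)
    return dict(flows)

def is_kcp_datagram(payload, skip=0):
    """Step 2: after `skip` masquerade-layer bytes (hypothetical parameter),
    every packed segment must have a valid cmd, one conv, and a len that fits."""
    data, off, conv0 = payload[skip:], 0, None
    while len(data) - off >= KCP_HDR.size:
        conv, cmd, _frg, _wnd, _ts, _sn, _una, length = KCP_HDR.unpack_from(data, off)
        if cmd not in KCP_CMDS or conv0 not in (None, conv):
            return False                      # unknown command or mixed conversations
        if length > len(data) - off - KCP_HDR.size:
            return False                      # len field overruns the datagram
        conv0, off = conv, off + KCP_HDR.size + length
    return off == len(data) and off > 0       # no stray trailing bytes, not empty

def classify(flows, skip=0):
    """Flows that fail plain-KCP conformance go on to the obfuscation checks."""
    return {k: "kcp" if all(is_kcp_datagram(p, skip) for p in v)
            else "check-obfuscated" for k, v in flows.items()}

def seg(conv, cmd, sn, body=b""):             # builds constructed sample segments
    return KCP_HDR.pack(conv, cmd, 0, 128, 1000, sn, 0, len(body)) + body

# Constructed sample traffic (not real captures)
SAMPLE = [
    (0.0, "10.0.0.1", 40000, "10.0.0.2", 4000, seg(0x11223344, 81, 0, b"hello")),
    (0.1, "10.0.0.1", 40000, "10.0.0.2", 4000,
     seg(0x11223344, 82, 0) + seg(0x11223344, 81, 1, b"x")),
    (0.2, "10.0.0.3", 40001, "10.0.0.2", 4000, bytes(range(40))),
    (200.0, "10.0.0.1", 40000, "10.0.0.2", 4000, seg(0x11223344, 83, 0)),
]
```

Calling `classify(split_flows(SAMPLE))` yields three flows: the two instances of the first five-tuple pass as plain KCP, and the third is handed on for the obfuscation checks.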

Abstract

The invention discloses a detection method for obfuscated KCP encrypted traffic. The method comprises the following steps: splitting mixed UDP traffic into flows based on five-tuple and time information; extracting packet payload information from the UDP traffic using deep packet inspection (DPI) and identifying the disguised application type and the obfuscated KCP protocol information fields; extracting the first 20 payload packet sequences of the uplink traffic and checking the obfuscated KCP protocol communication mechanism; and extracting heartbeat packets from the data transmission and verifying heartbeat behavior characteristics using the payload information. By applying multi-feature detection to the UDP data stream, the method can effectively detect obfuscated KCP encrypted proxy channels.

Description

Technical field

[0001] The invention relates to the technical field of information processing in network security, in particular to a method for detecting an encrypted proxy channel based on the KCP protocol.

Background technique

[0002] KCP is a fast and reliable protocol built on the UDP transport protocol. At the cost of wasting 10%-20% more bandwidth than TCP, it achieves a 30%-40% reduction in average delay and a threefold reduction in maximum delay.

[0003] The KCP protocol mainly provides acceleration, delay reduction, reliable transmission, and congestion control, so it is widely used in network transmission.

[0004] The obfuscated KCP protocol is a streaming transmission protocol based on the KCP protocol. It is modified from the KCP protocol and can transmit any data stream in sequence. It can be used as the bearer protocol for HTTP to provide security services for it. Existing data packet flow analysis and other technol...

Application Information

IPC(8): H04L43/18, H04L69/164
CPC: H04L43/18, H04L69/164
Inventor: 钱友文, 刘光杰, 刘伟伟
Owner NANJING UNIV OF SCI & TECH