Network data detection method and device, computer equipment and storage medium

A network data and detection method technology, applied in the Internet field, can solve problems such as low accuracy of DNS tunnels

Active Publication Date: 2020-04-03
TENCENT TECH (SHENZHEN) CO LTD
View PDF5 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In the prior art, the DNS tunnel can be detected by counting the length of the domain name requested to be accessed and the frequency of the domain name requested to be accessed. It is determined that the client uses tunnel detection technology. However, an attacker can easily bypass DNS tunnel detection by modifying domain name length, request frequency, etc., resulting in low accuracy of DNS tunnel detection.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network data detection method and device, computer equipment and storage medium
  • Network data detection method and device, computer equipment and storage medium
  • Network data detection method and device, computer equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0123] The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of this application.

[0124] See figure 1 , is a schematic diagram of a network architecture provided by an embodiment of the present application. Such as figure 1 As shown, the network architecture may include an internal DNS server 10d located in a local area network, a detection server 10e, a plurality of terminal devices (such as figure 1 The shown terminal device 10a, terminal device 10b, and terminal device 10c) and the external DNS server 10f corresponding to the domain name to be accessed by the termin...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention provides a network data detection method and device, computer equipment and a storage medium, and the method comprises the steps: obtaining a tunnel request segment, obtaining at least two character strings contained in the tunnel request segment, and generating a character distribution matrix corresponding to the at least two character strings, wherein the character distribution matrix comprises elements corresponding to characters in the at least two character strings respectively, the elements comprise character distribution frequencies, and the character distribution frequencies are determined based on distribution positions of the characters in the at least two character strings; calculating abnormal request evaluation values respectively correspondingto at least two to-be-detected sub-matrixes in the character distribution matrix according to the character distribution frequencies, and selecting an abnormal request evaluation value meeting a numerical threshold value from the at least two abnormal request evaluation values as a target abnormal request evaluation value; and generating evaluation reference information for evaluating the abnormaltrend of the tunnel request segment according to the target abnormal request evaluation value. By adopting the embodiment of the invention, the accuracy of network data detection can be improved.

Description

technical field [0001] The present application relates to the technical field of the Internet, and in particular to a network data detection method, device, computer equipment and storage medium. Background technique [0002] The domain name system (Domain Name System, DNS) protocol is one of the essential network communication protocols, which can convert domain names and IP (interconnection protocol between networks) addresses. Most firewalls and intrusion detection devices basically do not filter, analyze or shield DNS, so encapsulating data in the DNS protocol for transmission is a covert means, that is, DNS tunnel refers to a covert channel established by using the DNS query process for data transfer. [0003] In the prior art, the DNS tunnel can be detected by counting the length of the domain name requested to be accessed and the frequency of the domain name requested to be accessed. It is determined that the client uses tunnel detection technology, but an attacker ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1416H04L63/029H04L61/4511
Inventor 李俊波张尧朱锦王文清朱海星
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap