
Encrypted network abnormal flow detection method based on knowledge graph

A knowledge graph and traffic detection technology, applied in the field of network abnormal traffic detection.

Active Publication Date: 2021-05-11
NO 15 INST OF CHINA ELECTRONICS TECH GRP +1

AI Technical Summary

Problems solved by technology

[0010] To address the accuracy and timeliness of encrypted abnormal traffic detection, the present invention provides a method for detecting abnormal encrypted network traffic based on a knowledge graph. The method describes the network communication process with the knowledge graph: the source and destination IP addresses in the data packets on the network are extracted as entities to obtain the vertices, the relationship between the source and destination entities is constructed from the flag bits or interaction information of the data messages, and the proportion of the number of interactive communications between the entities and the proportion of the number of connections between the two entities are counted to judge whether the network communication traffic is normal.



Examples


Embodiment Construction

[0030] In order to better understand the contents of the present invention, an example is given here.

[0031] Representing the various kinds of data on the Internet as a knowledge graph shows the behavior of each entity and the relationships between entities more clearly and intuitively. A typical application scenario is that user A communicates with user B, and there is a lot of traffic between them. User A sends a request message to user B. In the data message, user A is the source IP entity and user B is the destination IP entity. If the traffic is normal, user B responds to user A with a response message. One party requests and the other party responds; this request-response exchange is a real connection. This communication process is normal communication traffic, as shown in Figure 1. An abnormal communication flow process is that user A sends a request packet to user B, but user A does not respond to the response packet sent by user B to user A, so...


Abstract

The invention discloses an encrypted network abnormal flow detection method based on a knowledge graph. The method comprises the following steps: capturing a message and a secret key in an encryption protocol negotiation stage by using packet capturing software; decrypting the encrypted traffic by using the secret key to obtain a plaintext data message; acquiring various data messages generated in a communication network in real time; constructing a knowledge graph by taking each entity in the data messages as a vertex and taking a relationship attribute among the entities as an edge; according to the relation between two entities in the knowledge graph, counting the number of connections, the number of interaction information, the proportion of real connections and the proportion of virtual connections between the two entities; and carrying out statistical analysis on final detection values of all the entities; judging whether each detection value is greater than a corresponding threshold value or not; if yes, judging that abnormal traffic exists in the communication network, and sending out abnormal traffic early warning. According to the method, the internal messages of the data stream are detected by taking the data stream as an object, and the flow behavior is described by using the knowledge graph, so that the detection efficiency and accuracy are improved.
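The graph-and-threshold steps of the abstract, as an added Python example (not code from the patent). The packet records are constructed; treating an unanswered request as a "virtual connection", and both threshold values, are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of already-decrypted packet records: (src_ip, dst_ip, kind).
# "request"/"response" stands in for the flag bits or interaction information.
PACKETS = (
    [("10.0.0.5", "10.0.0.9", "request"), ("10.0.0.9", "10.0.0.5", "response")] * 4
    + [("10.0.0.7", "10.0.0.9", "request")] * 9
    + [("10.0.0.9", "10.0.0.7", "response")]
)

def build_graph(packets):
    """Vertices are IP entities; each directed edge (src, dst) holds message counts."""
    edges = defaultdict(lambda: {"request": 0, "response": 0})
    for src, dst, kind in packets:
        edges[(src, dst)][kind] += 1
    return dict(edges)

def edge_stats(edges):
    """Per initiator->responder pair: connections, interactions, real/virtual ratios."""
    stats = {}
    for (src, dst), counts in edges.items():
        requests = counts["request"]
        if requests == 0:
            continue  # this direction only carried responses
        responses = edges.get((dst, src), {"response": 0})["response"]
        real = min(requests, responses)  # requests that received a response
        stats[(src, dst)] = {
            "connections": requests,
            "interactions": requests + responses,
            "real_ratio": real / requests,
            "virtual_ratio": (requests - real) / requests,  # assumed definition
        }
    return stats

def detect(stats, max_virtual_ratio=0.5, max_connections=5):
    """Flag pairs whose detection values both exceed their (assumed) thresholds."""
    return sorted(
        pair for pair, s in stats.items()
        if s["virtual_ratio"] > max_virtual_ratio and s["connections"] > max_connections
    )

if __name__ == "__main__":
    for pair in detect(edge_stats(build_graph(PACKETS))):
        print("abnormal traffic warning:", pair)
```
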

Description

Technical field

[0001] The invention belongs to the field of network abnormal traffic detection in network security, and in particular relates to a method for detecting abnormal traffic of an encrypted network based on a knowledge graph.

Background technique

[0002] With the increasing awareness of network security prevention, encrypted communication has become the mainstream. While protecting privacy, traffic encryption also conceals illegal attempts. While changing the form of threats, it also brings huge challenges to network security defense. Abnormal encrypted traffic detection is a key issue in the field of Internet security. How to realize real-time and accurate identification of network encrypted traffic is a key issue in the field of cyberspace security in my country and a focus of model research.

[0003] A knowledge graph is a structured semantic knowledge base, which is used to describe concepts and their relationships in the physical world in symbolic form. Its basic ...


Application Information

IPC(8): H04L29/06, H04L12/24, H04L9/08
CPC: H04L9/085, H04L9/0869, H04L41/145, H04L63/06, H04L63/0823, H04L63/1425
Inventor 任传伦郭世泽张先国冯景瑜杨令夏建民俞赛赛刘晓影乌吉斯古愣孟祥頔
Owner NO 15 INST OF CHINA ELECTRONICS TECH GRP