
An abnormal traffic detection method for encrypted network based on knowledge graph

A knowledge graph and traffic detection technology, applied in the field of abnormal network traffic detection.

Active Publication Date: 2021-09-14
NO 15 INST OF CHINA ELECTRONICS TECH GRP +1

AI Technical Summary

Problems solved by technology

[0010] To address the accuracy and timeliness of detecting abnormal encrypted traffic, the present invention provides a method for detecting abnormal encrypted network traffic based on a knowledge graph. The method describes the network communication process with a knowledge graph: the source and destination IP addresses in the data packets are extracted as entities to obtain the vertices, and the relationship between the source and destination entities is constructed according to the flag bits or interaction information of the data messages. The proportion of the number of interactive communications between the entities and the proportion of the number of connections between the two entities are then counted to judge whether the network communication traffic is normal.



Examples


Embodiment Construction

[0030] In order to better understand the contents of the present invention, an example is given here.

[0031] Representing the various kinds of data on the Internet as knowledge graphs shows the behavior of each entity and the relationships between entities more clearly and intuitively. In a typical application scenario, user A communicates with user B, and there is a lot of traffic between them. User A sends a request message to user B. In the data message, user A is the source IP entity and user B is the destination IP entity. If the traffic is normal, user B will respond to user A with a response message. One party requests and the other party responds. This connection is a group of real connections, and this communication process is normal communication traffic, as shown in Figure 1. In an abnormal communication flow, user A sends a request packet to user B, but user A does not respond to the response packet sent by user B to user A, so...



Abstract

The invention discloses a method for detecting abnormal traffic in an encrypted network based on a knowledge graph, comprising the following steps: using packet capture software to capture the messages and keys in the negotiation phase of an encryption protocol; using the key to decrypt the encrypted traffic to obtain plaintext data messages; acquiring in real time the various data messages generated in the communication network; constructing a knowledge graph in which each entity in the data messages is a vertex and the relationship attributes between entities are edges; from these relationships, counting the number of connections, the number of interactive messages, the proportion of real connections, and the proportion of virtual connections between two entities; and computing the final detection values of all entities and judging whether each detection value is greater than its corresponding threshold. If a value is greater than its threshold, it is judged that there is abnormal traffic in the communication network, and an abnormal traffic warning is issued. The invention takes the data flow as its object, inspects the messages inside the data flow, and uses the knowledge graph to describe traffic behavior, thereby improving detection efficiency and accuracy.
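The counting and threshold steps described above, as an added example that is not code from the patent. It assumes records of (source IP, destination IP, TCP flag) already extracted from the decrypted traffic, treats a connection as real once the initiator acknowledges the responder's reply and as virtual otherwise, and uses constructed thresholds; the names `build_graph`, `detection_values` and `detect` are hypothetical.

```python
from collections import defaultdict

# Constructed sample: (source IP, destination IP, TCP flag) from decrypted traffic.
PACKETS = (
    [("10.0.0.5", "10.0.0.9", "SYN"), ("10.0.0.9", "10.0.0.5", "SYN-ACK"),
     ("10.0.0.5", "10.0.0.9", "ACK")] * 2
    + [("10.0.0.7", "10.0.0.9", "SYN"), ("10.0.0.9", "10.0.0.7", "SYN-ACK")] * 5
)

# Assumed thresholds; the page does not give values.
THRESHOLDS = {"connections": 4, "virtual_ratio": 0.5}


def build_graph(packets):
    """Vertices are IP entities; edges are keyed (initiator, responder)."""
    edges = defaultdict(lambda: {"connections": 0, "messages": 0, "real": 0})
    awaiting_ack = defaultdict(int)  # replies the initiator has not acknowledged
    for src, dst, flag in packets:
        if flag == "SYN":
            edges[(src, dst)]["connections"] += 1
            edges[(src, dst)]["messages"] += 1
        elif flag == "SYN-ACK" and (dst, src) in edges:
            edges[(dst, src)]["messages"] += 1
            awaiting_ack[(dst, src)] += 1
        elif flag == "ACK" and awaiting_ack[(src, dst)] > 0:
            edges[(src, dst)]["messages"] += 1
            edges[(src, dst)]["real"] += 1
            awaiting_ack[(src, dst)] -= 1
    return dict(edges)


def detection_values(edge):
    """Counts plus real and virtual connection proportions for one edge."""
    real_ratio = edge["real"] / edge["connections"]
    return {"connections": edge["connections"], "messages": edge["messages"],
            "real_ratio": real_ratio, "virtual_ratio": 1 - real_ratio}


def detect(packets, thresholds=THRESHOLDS):
    """Return {edge: [detection values that exceed their thresholds]}."""
    alerts = {}
    for key, edge in build_graph(packets).items():
        values = detection_values(edge)
        exceeded = [name for name, limit in thresholds.items() if values[name] > limit]
        if exceeded:
            alerts[key] = exceeded
    return alerts
```

Calling `detect(PACKETS)` flags only the edge from 10.0.0.7 to 10.0.0.9, whose five connection attempts are never acknowledged by the initiator.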

Description

Technical field

[0001] The invention belongs to the field of abnormal network traffic detection in network security, and in particular relates to a method for detecting abnormal traffic in an encrypted network based on a knowledge graph.

Background technique

[0002] With growing awareness of network security, encrypted communication has become the mainstream. While protecting privacy, traffic encryption also conceals illegal attempts. While changing the form of threats, it also brings huge challenges to network security defense. Abnormal encrypted traffic detection is a key issue in the field of Internet security. How to realize real-time and accurate identification of encrypted network traffic is a key issue and a focus of model research in the field of cyberspace security in our country.

[0003] A knowledge graph is a structured semantic knowledge base, which is used to describe concepts and their relationships in the physical world in symbolic form. Its basic ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24, H04L9/08
CPC: H04L9/085, H04L9/0869, H04L41/145, H04L63/06, H04L63/0823, H04L63/1425
Inventor: 任传伦郭世泽张先国冯景瑜杨令夏建民俞赛赛刘晓影乌吉斯古愣孟祥頔
Owner: NO 15 INST OF CHINA ELECTRONICS TECH GRP