Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

VPN (Virtual Private Network) traffic quick recognition method for high-speed network

A high-speed network and identification method technology, applied in the field of cyberspace security, can solve problems such as unrealistic resource consumption, inability to apply high-speed networks, and affect accuracy, so as to achieve good practicability and application prospects, good identification stability, and privacy protection The effect of sexual problems

Pending Publication Date: 2021-08-20
SOUTHEAST UNIV
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The SSL VPN traffic identification method based on time-domain features and handshake protocol features takes continuous duration as the traffic feature, and the feature-enhanced VPN traffic identification method completes the feature extraction of the surge period according to the traffic density. These features have strong time Correlation, because different network states will lead to different traffic characteristics, it is easily affected by the network state of the sample traffic and thus affects the accuracy of recognition
The method of traffic characteristics based on density data extraction does not involve specific protocol content, and the identification of VPN traffic lacks strong pertinence, resulting in poor accuracy and practicability
There are also methods that use Bit-level DPI fingerprint generation technology. However, this method involves analyzing the plaintext in the payload of the data packet, which is not efficient in calculation and is not suitable for mass flow detection of high-speed networks. With the encryption protocol With the development of the TLS1.3 protocol and the widespread application of the TLS1.3 protocol, the plaintext fingerprint features that can be analyzed by DPI have rarely appeared, making this method unapplicable
In addition, there is another method for the identification of encrypted traffic protocols in VPN, using deep learning technology, but this method does not give a description of the identification process of VPN traffic, does not give how to obtain the characteristics of VPN traffic, and the identification effect is not clear
In addition, the above methods are all for detecting the complete data flow, and in a high-speed network, it is unrealistic to save and analyze all the complete traffic as a mirror image in terms of resource consumption. The requirements are all through the method of retaining sampled data analysis, which makes the above method not applicable to high-speed networks
[0005] To sum up, the existing methods have the following main problems: (1) The current methods are all based on the complete flow data for research, and the selected features are only suitable for the identification data of the complete flow; (2) Massive data processing in high-speed networks requires consumption A large number of computing and storage resources can only be analyzed by sampling traffic, so the current method of identifying complete traffic is not suitable for sampling traffic data detection in high-speed networks; (3) the current method is limited by time factors and network service quality The identification of VPN traffic lacks pertinence and stability; (4) The existing method involves the payload analysis of data packets, which is not efficient in calculation and is not suitable for the detection of massive traffic data in high-speed networks
The above problems lead to the inability of the existing methods to quickly identify VPN traffic in a high-speed network environment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • VPN (Virtual Private Network) traffic quick recognition method for high-speed network
  • VPN (Virtual Private Network) traffic quick recognition method for high-speed network
  • VPN (Virtual Private Network) traffic quick recognition method for high-speed network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0068] Embodiment 1: the present invention proposes a kind of high-speed network-oriented VPN traffic fast identification method, and its structural framework is as follows figure 1 shown, including the following steps:

[0069] (1) Collect and save VPN traffic data and common traffic data for model training;

[0070] The specific process of this step is as follows:

[0071] (1.1) Install VPN proxy tools, among which V2RayN is installed on the PC side, V2RayNG is installed on the mobile side, and V2Ray proxy plug-in is installed on the router;

[0072] (1.2) Start tcpdump to start VPN traffic data collection;

[0073] (1.3) Use VPN proxy tools for network access;

[0074] (1.4) Stop collecting after the network access ends, and store the VPN flow data file (.pcap) between the currently collected host end and the VPS;

[0075] (1.5) Start tcpdump to start ordinary traffic data collection;

[0076] (1.6) Turn off the VPN proxy service and use common applications to operate...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a VPN (Virtual Private Network) traffic quick recognition method for a high-speed network. The method comprises the following specific steps: model training and model use. During model training, traffic sampling collection is performed in a controllable network environment, related features capable of being used for VPN traffic recognition and classification after sampling are selected, and a small-scale traffic data training set is constructed for model training. When the model is used, traffic sampling is carried out in a high-speed network, long-flow traffic is filtered out through a Count Bloom Filter algorithm, statistical information is stored in a hash table through a link method, feature values are extracted according to the recorded statistical information, and traffic feature records are obtained and used for traffic detection. According to the method, the VPN traffic existing in the high-speed network can be quickly and accurately recognized, the agent tools used by the VPN traffic are classified, and the detection capability of the network traffic is effectively improved.

Description

technical field [0001] The invention belongs to the technical field of network space security, and relates to a high-speed network-oriented VPN traffic fast identification method. Background technique [0002] With the rapid development of information technology, the rapid expansion of the scale of the Internet, and the continuous increase of various types of network services, the issue of information security has attracted increasing attention. In order to ensure the security of data transmission, more and more traffic is transmitted after being encrypted. Encryption offers many benefits to users to ensure end-to-end confidentiality and confidentiality of data. While ensuring information security, encryption technology also allows malicious users to hide their information and whereabouts in this way, which brings new challenges to traffic auditing. [0003] As one of the main technologies for encrypting network traffic, virtual private network (VPN) technology is widely u...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06K9/62H04L12/851
CPCH04L47/2483H04L47/2441H04L12/4641G06F18/2411G06F18/214
Inventor 吴桦刘玉洁
Owner SOUTHEAST UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com