Method and device for detecting malicious encrypted traffic

A malicious traffic detection technology, applied in the field of network security, that addresses problems such as high computation and time overhead, dependence on human expert knowledge, and unsatisfactory detection when relying on the statistical characteristics or data representation of a single flow, achieving accurate detection and high robustness.

Active Publication Date: 2022-06-17
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0008] Embodiments of the present invention provide a malicious encrypted traffic detection method and device to eliminate or improve one or more defects existing in the prior art, and to solve the problem that prior-art detection of malicious encrypted traffic incurs large computation and time overheads, relies too much on human expertise, and pays too much attention to the statistical characteristics or data representation of a single flow, which leads to unsatisfactory detection results.


Examples


Embodiment Construction

[0053] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the embodiments and accompanying drawings. Here, the exemplary embodiments of the present invention and their descriptions are used to explain the present invention, but not to limit the present invention.

[0054] Here, it should also be noted that, in order to avoid obscuring the present invention with unnecessary details, only the structures and/or processing steps closely related to the solution according to the present invention are shown in the drawings, and other details not relevant to the invention are omitted.

[0055] It should be emphasized that the term "comprising / comprising" when used herein refers to the presence of a feature, element, step or component, but does not exclude the presence or addition of one or more other feat...


Abstract

The present invention provides a method and device for detecting malicious encrypted traffic. The method constructs an encrypted graph by mining the correlation between encrypted sessions in the encrypted traffic, turning isolated single-flow analysis into collaborative multi-flow analysis. Two types of attributes are proposed to describe encrypted malicious traffic: credibility, evaluated from the handshake information, and stationarity, evaluated from the TLS record length sequence. The credibility (confidence) value and stationarity value are input to a pre-trained feed-forward neural network to obtain a malicious score that identifies encrypted malicious traffic. By mining the relationship between encrypted sessions, the invention detects malicious encrypted traffic more accurately and with higher robustness.
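A minimal sketch of the multi-flow idea in the abstract, added here as an illustration and not taken from the patent. The correlation rule (shared server IP or SNI), the handshake checks behind `credibility`, the windowed-mean `stationarity` proxy, and all field names and sample sessions are assumptions, since the page does not define them; the output is the per-session feature vector a classifier such as the feed-forward network would consume.

```python
from itertools import combinations
from statistics import mean, pstdev

# Constructed sample sessions (not real traffic); all field names are assumptions.
SESSIONS = [
    {"id": "s1", "server": "203.0.113.10", "sni": None, "self_signed": True,
     "record_lengths": [120, 121, 120, 119, 120, 121, 120, 120]},   # fixed-size records
    {"id": "s2", "server": "203.0.113.10", "sni": None, "self_signed": True,
     "record_lengths": [120, 120, 121, 120, 119, 120, 120, 121]},
    {"id": "s3", "server": "198.51.100.7", "sni": "shop.example", "self_signed": False,
     "record_lengths": [96, 120, 233, 310, 1400, 1400, 1400, 1400]},  # requests, then bulk
    {"id": "s4", "server": "198.51.100.7", "sni": "shop.example", "self_signed": False,
     "record_lengths": [150, 88, 301, 240, 1400, 1400, 912, 1400]},
]

def credibility(s):
    """Assumed handshake score in [0, 1]: SNI present, certificate not self-signed."""
    return (int(s["sni"] is not None) + int(not s["self_signed"])) / 2

def stationarity(lengths, window=4):
    """Assumed proxy: 1 / (1 + relative drift of the windowed means); 0.0 if too short."""
    means = [mean(lengths[i:i + window])
             for i in range(0, len(lengths) - window + 1, window)]
    if len(means) < 2:
        return 0.0  # too short to judge drift
    return 1.0 / (1.0 + pstdev(means) / mean(means))

def build_graph(sessions, keys=("server", "sni")):
    """Link sessions sharing a non-empty value for any of `keys` (assumed rule)."""
    adj = {s["id"]: set() for s in sessions}
    for a, b in combinations(sessions, 2):
        if any(a[k] is not None and a[k] == b[k] for k in keys):
            adj[a["id"]].add(b["id"])
            adj[b["id"]].add(a["id"])
    return adj

def features(sessions):
    """Per-session vector: own (credibility, stationarity) plus neighbours' means."""
    own = {s["id"]: (credibility(s), stationarity(s["record_lengths"])) for s in sessions}
    adj = build_graph(sessions)
    out = {}
    for sid, (c, st) in own.items():
        nb = [own[n] for n in adj[sid]] or [(c, st)]  # isolated node: use itself
        out[sid] = (c, st, mean(x[0] for x in nb), mean(x[1] for x in nb))
    return out

if __name__ == "__main__":
    for sid, vec in features(SESSIONS).items():
        print(sid, [round(v, 3) for v in vec])
```

The last two components of each vector come from the session's graph neighbours, which is what distinguishes this from scoring each flow in isolation.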

Description

Technical field

[0001] The present invention relates to the technical field of network security, and in particular, to a method and device for detecting malicious encrypted traffic.

Background art

[0002] Encrypted traffic in the network is increasing rapidly. Security protocols such as SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are widely used to establish trusted encrypted connections, which effectively ensure the confidentiality and integrity of network communications. Google's Transparency Report shows that more than 95% of traffic passing through Google is encrypted. Encryption as a security measure leaves a grey area of traffic in which attackers can hide their malicious activities, such as malware delivery, Command & Control channels, and data exfiltration. Related reports show that since 2019, the number of cyberattacks using encrypted channels to bypass traditional security controls has rapidly increased by 260%. ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, G06N3/04, G06N3/08
CPC: H04L63/1408, H04L63/1416, G06N3/084, G06N3/044, G06N3/045
Inventor: 杨彦青, 赵键锦, 李祺
Owner: BEIJING UNIV OF POSTS & TELECOMM