CN106850344B - Encryption method for recognizing flux based on stream gradient guiding - Google Patents

Encryption method for recognizing flux based on stream gradient guiding Download PDF

Info

Publication number
CN106850344B
CN106850344B CN201710045963.7A CN201710045963A CN106850344B CN 106850344 B CN106850344 B CN 106850344B CN 201710045963 A CN201710045963 A CN 201710045963A CN 106850344 B CN106850344 B CN 106850344B
Authority
CN
China
Prior art keywords
data
flow
key mark
gradient
stream
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710045963.7A
Other languages
Chinese (zh)
Other versions
CN106850344A (en
Inventor
韩伟涛
伊鹏
张震
李向涛
李锦玲
白冰
董永吉
张鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University filed Critical PLA Information Engineering University
Priority to CN201710045963.7A priority Critical patent/CN106850344B/en
Publication of CN106850344A publication Critical patent/CN106850344A/en
Application granted granted Critical
Publication of CN106850344B publication Critical patent/CN106850344B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a kind of encryption method for recognizing flux based on stream gradient guiding, data flow gradient in known training set is calculated first is oriented to key mark, it extracts network traffic data and carries out key mark analysis, calculate separately the key mark of target encryption flow business and non-targeted encryption flow business in network;For unknown traffic to be measured, it calculates it and is oriented to key mark, and unknown stream key mark and target and non-targeted encryption flow business key mark relative offset amount, both judgements relative offset amount size, and then determine that the unknown stream encrypts flow business for target, or be non-targeted encryption flow business.Discrimination of the present invention is high, is easily used;To arbitrary network encrypt stream identification all have applicability, support the evolution of network, for the future may appear network encryption stream identification can also be compatible with.

Description

Encryption method for recognizing flux based on stream gradient guiding
Technical field
The invention belongs to technical field of the computer network, in particular to a kind of encryption flow identification based on stream gradient guiding Method.
Background technique
Peer-to-peer network (Peer-to-Peer, P2P) technology is achieved in current internet and is widely applied, such as: stream The numerous areas such as media business, VoIP, file-sharing all use peer-to-peer network transmission technology.It is easy to real since the technology has Now, bearing capacity is strong, is suitble to the features such as personal user, and utilization rate in a network is high.However, peer-to-peer network business is open The characteristics of formula, causes its safety to be unable to satisfy the demand of current network, the various trojan horses by encryption, Malwares, robber Version information is largely propagated in a peer-to-peer network, how to improve internet security as stern challenge.Existing encryption flow is known Other method has: encryption method for recognizing flux, encryption method for recognizing flux based on classical key mark based on machine learning etc.; But current encryption stream recognition method is unable to satisfy the demand of existing network in terms of discrimination and complexity, it is past Toward the gradient guiding for not accounting for network data flow;Also, existing encryption method for recognizing flux does not support that traffic characteristic is real-time The identification of variation does not have corresponding discrimination for widely encrypting stream.
Summary of the invention
In order to overcome the shortcomings in the prior art, the present invention provides a kind of encryption flow identification side based on stream gradient guiding Method solves the defect in terms of encryption stream discrimination in the prior art and complexity, is oriented to for the gradient of network data flow, real Better discrimination now is flowed to encryption, it is each to be applied to data transmission network for the safety of further Logistics networks information, stability In grade node, stream identification is encrypted to arbitrary network and all has applicability.
According to design scheme provided by the present invention, a kind of encryption method for recognizing flux based on stream gradient guiding includes Following steps:
Step 1 is gathered according to known data stream training, calculates data flow gradient and is oriented to key mark;
Step 2 extracts network data flow, includes crawl target encryption flow business data flow and non-targeted encryption flow Business data flow, the data flow gradient for calculating separately target encryption flow business are oriented to key mark and non-targeted encryption flow industry The data flow gradient of business is oriented to key mark;
Step 3 is directed to network unknown flow rate to be measured, calculates the data flow gradient guiding key mark of unknown flow rate;
Step 4 calculates separately the data flow gradient guiding key of unknown flow rate and target encryption flow business between the two Data flow gradient between the relative offset amount St and unknown flow rate of mark and non-targeted encryption flow business is oriented to key mark Relative offset amount Sn;
Step 5 judges whether relative offset amount St is greater than Sn, if so, determining that the unknown flow rate encrypts flow for target Otherwise business then determines that the unknown flow rate is non-targeted encryption flow business.
Above-mentioned, it calculates data flow gradient and is oriented to key mark, include following content:
Statistical data stream characteristic, the data flow characteristics data include that preamble data packet size, current data packet are big Small, preamble data Inter-arrival Time and current data Inter-arrival Time;
According to data flow characteristics data, data flow key mark is calculated, obtains its gradient guiding key mark.
Above-mentioned, data flow key mark is calculated, particular content is as follows:
According to the variable gradient of data flow characteristics data, its gradient guiding weighting function index is assessed, to data flow characteristics Data are weighted processing;
Portraying gradient guiding key mark is vector data pair, establishes data flow characterization Statistical Vector data sequence, obtains Vector probability density function;
Processing is filtered to vector probability density function by smoothing filter, the gradient guiding for obtaining the data flow is closed Key mark.
Above-mentioned, the variable gradient of data flow characteristics data is determined by data packet laststate with current state.
Above-mentioned, it is two-dimensional vector data sequence that data flow, which characterizes Statistical Vector data sequence, wherein the first dimension is by preceding Sequence data packet and the weighting of current data packet size determine that the second dimension arrives at interval weighting by preamble data packet and current data packet It determines.
Above-mentioned, data flow characterizes Statistical Vector data sequence, the ratio between current data packet and preamble data packet size, the two Variation is positively correlated.
Above-mentioned, data flow characterizes Statistical Vector data sequence, and current data Inter-arrival Time and preamble data packet reach The ratio between interval, the two variation are positively correlated.
Above-mentioned, the calculating relative offset amount in step 4, also comprising the modulo operation to relative offset amount.
Preferably, relative offset amount is used to compare the degree of approximation between data flow key mark, and relative offset amount is non-negative Number, value range [0,1].
Preferably, the element in relative offset amount unknown flow rate is crucial with Probability p application layer as corresponding to key mark Mark generates, and the data flow gradient guiding key mark maximum value of the element and unknown flow rate is positively correlated, the number with unknown flow rate It is positively correlated, is oriented to the data flow gradient of unknown flow rate crucial according to the weighted mean of stream gradient guiding key mark vector data pair It is negatively correlated to identify minimum value.
Beneficial effects of the present invention:
1, the present invention is oriented to key mark by calculating data flow gradient in known training set, extracts network traffic data And key mark analysis is carried out, it calculates separately target encryption flow business and non-targeted the crucial of encryption flow business in network and marks Know, for unknown traffic to be measured, be oriented to key mark calculation method using gradient, calculates the unknown crucial mark of stream gradient guiding Know, then calculate separately unknown stream key mark and target and non-targeted encryption flow business key mark relative offset amount, sentences Break unknown stream key mark and target encryption flow business key mark relative offset amount whether be greater than unknown stream key mark and Non-targeted encryption flow business key mark relative offset amount, if so, determine that the unknown stream encrypts flow business for target, if It is no, then determine that the unknown stream is non-targeted encryption flow business;Discrimination is high, more accurately.
2, the present invention is crucial applied in data transmission networks at different levels nodes at different levels, extracting unknown stream and calculating gradient guiding Compared with mark does relative offset amount with known target flow, stream type is determined;By comparing unknown traffic and training data The relative offset amount of key mark is flowed to determine whether target encrypting traffic, and discrimination is high, is easily used;To arbitrary network Encryption stream identification all has applicability, supports the evolution of network, for the future may appear the identification of network encryption stream can also be with It is compatible.
Detailed description of the invention:
Fig. 1 is flow diagram of the invention;
Fig. 2 is the implementation flow chart of embodiment two;
Fig. 3 is that data flow gradient is oriented to key mark calculation method flow diagram;
Fig. 4 is relative offset amount method of discrimination flow diagram.
Specific embodiment:
For the ease of hereafter understanding, the noun or abbreviation used in text are explained at this:
Gradient is oriented to key mark: by extraction and analysis preamble data packet statistical property, including data package size, when arrival Between be spaced, do not consider encrypt flow itself behavioral characteristic, utilize the characteristic statistics of preamble sample data packet and current data packet Data, building can accurately describe a kind of mathematics mark of data flow;It does not consider the content character of data flow itself, merely with Data flow characterization indicates there is stronger versatility.
Relative offset amount: utilizing data flow key mark, for indicating that two kinds of different data streams characterize the degree of approximation;It can be used In determining consistent degree between All-purpose Use stream, can determine whether two data flows are identical or approximate.
The present invention is described in further detail with technical solution with reference to the accompanying drawing, and detailed by preferred embodiment Describe bright embodiments of the present invention in detail, but embodiments of the present invention are not limited to this.
Embodiment one, shown in Figure 1, a kind of encryption method for recognizing flux based on stream gradient guiding includes following step It is rapid:
Step 1 is gathered according to known data stream training, calculates data flow gradient and is oriented to key mark;
Step 2 extracts network data flow, includes crawl target encryption flow business data flow and non-targeted encryption flow Business data flow, the data flow gradient for calculating separately target encryption flow business are oriented to key mark and non-targeted encryption flow industry The data flow gradient of business is oriented to key mark;
Step 3 is directed to network unknown flow rate to be measured, calculates the data flow gradient guiding key mark of unknown flow rate;
Step 4 calculates separately the data flow gradient guiding key of unknown flow rate and target encryption flow business between the two Data flow gradient between the relative offset amount St and unknown flow rate of mark and non-targeted encryption flow business is oriented to key mark Relative offset amount Sn;
Step 5 judges whether relative offset amount St is greater than Sn, if so, determining that the unknown flow rate encrypts flow for target Otherwise business then determines that the unknown flow rate is non-targeted encryption flow business.
The present invention is oriented to key mark by calculating data flow gradient in known training set, extracts network traffic data simultaneously Key mark analysis is carried out, target encryption flow business and non-targeted the crucial of encryption flow business in network is calculated separately and marks Know, for unknown traffic to be measured, be oriented to key mark calculation method using gradient, calculates the unknown crucial mark of stream gradient guiding Know, then calculate separately unknown stream key mark and target and non-targeted encryption flow business key mark relative offset amount, sentences Break unknown stream key mark and target encryption flow business key mark relative offset amount whether be greater than unknown stream key mark and Non-targeted encryption flow business key mark relative offset amount, if so, determine that the unknown stream encrypts flow business for target, if It is no, then determine that the unknown stream is non-targeted encryption flow business;Discrimination is high, more accurately.
Embodiment two, referring to fig. 2~4 shown in, a kind of encryption method for recognizing flux based on stream gradient guiding, comprising as follows Content:
1) gathered according to known data stream training, statistical data stream characteristic, before the data flow characteristics data include Sequence data package size, current data packet size, preamble data Inter-arrival Time and current data Inter-arrival Time;According to data Characteristic is flowed, data flow key mark is calculated, according to the variable gradient of data flow characteristics data, assesses the guiding weighting of its gradient Function index is weighted processing to data flow characteristic;Portraying gradient guiding key mark is vector data pair, establishes number Statistical Vector data sequence is levied according to flow table, obtains vector probability density function;To alleviate noise jamming, to reduce data flow characteristics Interference between noise is filtered processing to vector probability density function by smoothing filter, obtains the ladder of the data flow Degree guiding key mark.
Wherein, the variable gradient of data flow characteristics data is determined by data packet laststate with current state.
Wherein, data flow characterization Statistical Vector data sequence is two-dimensional vector data sequence, wherein the first dimension is by preamble Data packet and the weighting of current data packet size determine that the second dimension arrives at interval weighting with current data packet by preamble data packet and determines It is fixed.
Gradient guiding weighted value should meet the following conditions in gradient guiding weighting function index:
1. Weighted Guidelines value is the real number greater than 0;
2. gradient guiding is stronger with the increase of characteristic index;
3. data flow characteristics variation is smaller, Weighted Guidelines more tend to stablize;
4. gradient guiding weakens with the increase of characteristic index;
Gradient guiding subtracts preamble data packet size logarithm by preamble data packet size and current data packet size and logarithm It determines, to accurately reflect data flow gradient.
Above-mentioned, data flow characterizes Statistical Vector data sequence, the ratio between current data packet and preamble data packet size, the two Variation is positively correlated.
Above-mentioned, data flow characterizes Statistical Vector data sequence, and current data Inter-arrival Time and preamble data packet reach The ratio between interval, the two variation are positively correlated.
2) network data flow is extracted, crawl target encryption flow business data flow and non-targeted encryption flow business are included Data flow, calculate separately target encryption flow business data flow gradient guiding key mark and non-targeted encryption flow business Data flow gradient is oriented to key mark.
3) it is directed to network unknown flow rate to be measured, calculates the data flow gradient guiding key mark of unknown flow rate.
4) the data flow gradient guiding key mark of unknown flow rate and target encryption flow business between the two is calculated separately Relative offset amount St and unknown flow rate and it is non-targeted encryption flow business between data flow gradient guiding key mark phase Close offset Sn.
Wherein, relative offset amount is calculated, also includes: to the modulo operation of relative offset amount.
Relative offset amount is used to compare the degree of approximation between data flow key mark, and relative offset amount is nonnegative number, value Range [0,1];For comparison result closer to 0, the two the not approximate, and closer to 1, the two is more approximate.
Preferably, the element in relative offset amount unknown flow rate is crucial with Probability p application layer as corresponding to key mark Mark generates, and the data flow gradient guiding key mark maximum value of the element and unknown flow rate is positively correlated, the number with unknown flow rate It is positively correlated, is oriented to the data flow gradient of unknown flow rate crucial according to the weighted mean of stream gradient guiding key mark vector data pair It is negatively correlated to identify minimum value.
5) judge whether relative offset amount St is greater than Sn, if so, determine that the unknown flow rate encrypts flow business for target, Otherwise, then determine that the unknown flow rate is non-targeted encryption flow business.
In the present invention, all gradient guide effect state vector ordered series of numbers are with the ratio between current data packet and preamble data packet size It is positively correlated, preamble data Bao Yue great, key mark vector number is to becoming small, otherwise it is big to become;All gradient guide effect state vectors Ordered series of numbers is positively correlated with the ratio between current data Inter-arrival Time and preamble data Inter-arrival Time, and arrival time interval is bigger, crucial Mark vector ordered series of numbers becomes small, otherwise it is big to become;It constitutes gradient guide effect state vector ordered series of numbers data package size part and uses and be with 2 The Logarithmic calculation at bottom;Gradient guide effect state vector ordered series of numbers data packet arrival time compartment is constituted to use with 10 the bottom of as Logarithmic calculation.It is beneficial to the simplification of method to handle preamble data packet as few as possible, chooses and increases with preamble data packet quantity Add, it is more accurate that gradient is oriented to key mark calculating.It integrates smoothing filter efficiency and filters out noise effects, as fuzzy window increases Greatly, increase gradient is still presented in filtering recall rate, but rate of rise has met filtering demands.
The present invention is applied in data transmission networks at different levels nodes at different levels, extracts unknown stream and calculates the crucial mark of gradient guiding Compared with knowledge does relative offset amount with known target flow, stream type is determined;By comparing unknown traffic and training data stream The relative offset amount of key mark determines whether target encrypting traffic, and discrimination is high, be easily used;To arbitrary network plus The identification of close stream all has applicability, supports the evolution of network, for the future may appear the identification of network encryption stream can also be simultaneous Hold.
The present invention is not limited to above-mentioned specific embodiment, and those skilled in the art can also make a variety of variations accordingly, but It is any all to cover within the scope of the claims with equivalent or similar variation of the invention.

Claims (8)

1. a kind of encryption method for recognizing flux based on stream gradient guiding, which is characterized in that comprise the following steps:
Step 1 is gathered according to known data stream training, calculates data flow gradient and is oriented to key mark;
Step 2 extracts network data flow, includes crawl target encryption flow business data flow and non-targeted encryption flow business Data flow, calculate separately target encryption flow business data flow gradient guiding key mark and non-targeted encryption flow business Data flow gradient is oriented to key mark;
Step 3 is directed to network unknown flow rate to be measured, calculates the data flow gradient guiding key mark of unknown flow rate;
Step 4 calculates separately the data flow gradient guiding key mark of unknown flow rate and target encryption flow business between the two Relative offset amount St and unknown flow rate and it is non-targeted encryption flow business between data flow gradient guiding key mark phase Close offset Sn;
Step 5 judges whether relative offset amount St is greater than Sn, if so, determine that the unknown flow rate encrypts flow business for target, Otherwise, then determine that the unknown flow rate is non-targeted encryption flow business;
It calculates data flow gradient and is oriented to key mark, include following content:
Statistical data stream characteristic, the data flow characteristics data include preamble data packet size, current data packet size, preceding Ordinal number is according to Inter-arrival Time and current data Inter-arrival Time;
According to data flow characteristics data, data flow key mark is calculated, obtains its gradient guiding key mark;
Data flow key mark is calculated, particular content is as follows:
According to the variable gradient of data flow characteristics data, its gradient guiding weighting function index is assessed, to data flow characteristic It is weighted processing;
Portraying gradient guiding key mark is vector data pair, establishes data flow characterization Statistical Vector data sequence, obtains vector Probability density function;
Processing is filtered to vector probability density function by smoothing filter, obtains the crucial mark of gradient guiding of the data flow Know.
2. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that data flow is special The variable gradient of sign data is determined by data packet laststate with current state.
3. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that data stream list Sign Statistical Vector data sequence is two-dimensional vector data sequence, wherein the first dimension is big by preamble data packet and current data packet Small weighting determines that the second dimension arrives at interval weighting with current data packet by preamble data packet and determines.
4. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that data stream list Statistical Vector data sequence, the ratio between current data packet and preamble data packet size are levied, the two variation is positively correlated.
5. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that data stream list Statistical Vector data sequence, the ratio between current data Inter-arrival Time and preamble data Inter-arrival Time are levied, the two variation is positively correlated.
6. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that in step 4 Calculating relative offset amount, also comprising to the modulo operation of relative offset amount.
7. the encryption method for recognizing flux according to claim 6 based on stream gradient guiding, which is characterized in that relative offset Amount is nonnegative number, value range [0,1] for comparing the degree of approximation between data flow key mark, relative offset amount.
8. the encryption method for recognizing flux according to claim 7 based on stream gradient guiding, which is characterized in that relative offset The element in unknown flow rate is measured with the generation of Probability p application layer key mark as corresponding to key mark, the element and unknown stream The data flow gradient guiding key mark maximum value of amount is positively correlated, and is oriented to key mark vector with the data flow gradient of unknown flow rate The weighted mean of data pair is positively correlated, negatively correlated with the data flow gradient guiding key mark minimum value of unknown flow rate.
CN201710045963.7A 2017-01-22 2017-01-22 Encryption method for recognizing flux based on stream gradient guiding Active CN106850344B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710045963.7A CN106850344B (en) 2017-01-22 2017-01-22 Encryption method for recognizing flux based on stream gradient guiding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710045963.7A CN106850344B (en) 2017-01-22 2017-01-22 Encryption method for recognizing flux based on stream gradient guiding

Publications (2)

Publication Number Publication Date
CN106850344A CN106850344A (en) 2017-06-13
CN106850344B true CN106850344B (en) 2019-10-29

Family

ID=59119846

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710045963.7A Active CN106850344B (en) 2017-01-22 2017-01-22 Encryption method for recognizing flux based on stream gradient guiding

Country Status (1)

Country Link
CN (1) CN106850344B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107508764B (en) * 2017-07-03 2020-04-10 网宿科技股份有限公司 Network data traffic type identification method and device
CN108566340B (en) * 2018-02-05 2021-03-09 中国科学院信息工程研究所 Network flow refined classification method and device based on dynamic time warping algorithm
CN113542195B (en) * 2020-04-16 2023-05-05 北京观成科技有限公司 Method, system and equipment for detecting malicious encrypted traffic

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098346A (en) * 2011-02-23 2011-06-15 北京邮电大学 Method for identifying flow of P2P (peer-to-peer) stream media in unknown flow
CN103544488A (en) * 2013-11-07 2014-01-29 湖南创合制造有限公司 Face recognition method and device
CN103873320A (en) * 2013-12-27 2014-06-18 北京天融信科技有限公司 Encrypted flow rate recognizing method and device
CN104520813A (en) * 2012-08-16 2015-04-15 华为技术有限公司 Control pool based enterprise policy enabler for controlled cloud access
US9128528B2 (en) * 2012-06-22 2015-09-08 Cisco Technology, Inc. Image-based real-time gesture recognition
CN105721242A (en) * 2016-01-26 2016-06-29 国家信息技术安全研究中心 Information entropy-based encrypted traffic identification method
CN105827472A (en) * 2015-01-04 2016-08-03 华为技术有限公司 Network data flow type detection method and network data flow type detection device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030101253A1 (en) * 2001-11-29 2003-05-29 Takayuki Saito Method and system for distributing data in a network

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098346A (en) * 2011-02-23 2011-06-15 北京邮电大学 Method for identifying flow of P2P (peer-to-peer) stream media in unknown flow
US9128528B2 (en) * 2012-06-22 2015-09-08 Cisco Technology, Inc. Image-based real-time gesture recognition
CN104520813A (en) * 2012-08-16 2015-04-15 华为技术有限公司 Control pool based enterprise policy enabler for controlled cloud access
CN103544488A (en) * 2013-11-07 2014-01-29 湖南创合制造有限公司 Face recognition method and device
CN103873320A (en) * 2013-12-27 2014-06-18 北京天融信科技有限公司 Encrypted flow rate recognizing method and device
CN105827472A (en) * 2015-01-04 2016-08-03 华为技术有限公司 Network data flow type detection method and network data flow type detection device
CN105721242A (en) * 2016-01-26 2016-06-29 国家信息技术安全研究中心 Information entropy-based encrypted traffic identification method

Also Published As

Publication number Publication date
CN106850344A (en) 2017-06-13

Similar Documents

Publication Publication Date Title
Salman et al. A review on machine learning–based approaches for Internet traffic classification
Meidan et al. ProfilIoT: A machine learning approach for IoT device identification based on network traffic analysis
US10033757B2 (en) Identifying malicious identifiers
Yao et al. Encrypted traffic classification based on Gaussian mixture models and Hidden Markov Models
CN103023725B (en) Anomaly detection method based on network flow analysis
CN111355697B (en) Detection method, device, equipment and storage medium for botnet domain name family
CN108768883B (en) Network traffic identification method and device
Le et al. Data analytics on network traffic flows for botnet behaviour detection
CN106850344B (en) Encryption method for recognizing flux based on stream gradient guiding
CN108629183A (en) Multi-model malicious code detecting method based on Credibility probability section
CN105281973A (en) Webpage fingerprint identification method aiming at specific website category
CN110417810A (en) The malice for the enhancing model that logic-based returns encrypts flow rate testing methods
CN108063768B (en) Network malicious behavior identification method and device based on network gene technology
CN104244035A (en) Network video flow classification method based on multilayer clustering
CN110611640A (en) DNS protocol hidden channel detection method based on random forest
CN113821793B (en) Multi-stage attack scene construction method and system based on graph convolution neural network
CN115277102B (en) Network attack detection method and device, electronic equipment and storage medium
CN111245784A (en) Method for multi-dimensional detection of malicious domain name
CN109151880A (en) Mobile application flow identification method based on multilayer classifier
CN109525577B (en) Malicious software detection method based on HTTP behavior diagram
CN109088862B (en) Node property identification method based on distributed system
Hostiadi et al. Hybrid model for bot group activity detection using similarity and correlation approaches based on network traffic flows analysis
Zheng et al. Preprocessing method for encrypted traffic based on semisupervised clustering
CN111478921A (en) Method, device and equipment for detecting communication of hidden channel
Nishiyama et al. SILU: Strategy involving large-scale unlabeled logs for improving malware detector

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant