CN109660656A - A kind of intelligent terminal method for identifying application program - Google Patents

Info

Publication number: CN109660656A
Authority: CN (China)
Prior art keywords: feature, application, application program, program, data
Legal status: Pending
Application number: CN201811380538.4A
Other languages: Chinese (zh)
Inventors: 尚凤军, 周丹
Current assignee: Chongqing University of Post and Telecommunications
Original assignee: Chongqing University of Post and Telecommunications

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403 User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/285 Selection of pattern recognition techniques, e.g. of classifiers in a multi-classifier system
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M1/00 Substation equipment, e.g. for use by subscribers
    • H04M1/72 Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724 User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72484 User interfaces specially adapted for cordless or mobile telephones wherein functions are triggered by incoming communication events


Abstract

The invention discloses a method for identifying application programs on an intelligent terminal. Traffic identification methods based on machine learning scale well, can mine the implicit features of network flows, can accurately identify fine-grained network flows, and can also discover new network applications. Because classification methods based on machine learning are comparatively intelligent and flexible, more and more network traffic classification research has concentrated on this field in recent years. Compared with the prior art, the invention uses only part of the information from payload analysis, which avoids invading privacy and allows encrypted traffic to be identified, and it has value for popularization and application.

Description

A kind of intelligent terminal method for identifying application program
Technical field
The invention relates to the field of network technology, and in particular to a method for identifying application programs on an intelligent terminal.
Background
Smartphones are used more and more in daily life, and this is profoundly (and rapidly) changing the nature of the traffic that passes through home networks, enterprise networks and the Internet. Analyzing how end users use their terminals is of benefit to operators and to other interested clients. Traffic classification has been studied for a long time. Port-based identification does not handle encrypted traffic well. Deep packet inspection analyzes application data packets through their payload information in order to identify the target program. There are also statistics-based methods. Finally, there are machine-learning methods, which extract implicit, regular and useful information from large volumes of data. Because the data in network traffic is huge and complex, academia has now turned its attention to traffic identification based on machine learning. In such methods, the most important tasks are selecting reasonable and effective traffic features and selecting a suitable training and learning algorithm. The learning methods researchers commonly use in network traffic identification today are supervised learning, unsupervised learning and semi-supervised learning. Analysis of these three aspects shows that traffic identification based on machine learning scales well, can mine the implicit features of network flows, can accurately identify fine-grained network flows, and can also discover new network applications. Having compared the various identification techniques, the invention combines fuzzy clustering (FCM) with multiple classifiers (SVM, RF) to improve the precision and efficiency of application identification. The prior art includes the following approaches:
1. Traffic identification based on payload features
This detection method may invade the privacy of both communicating parties and cannot identify encrypted data flows. For emerging applications the feature-string library must be updated promptly, and parsing the payload of the traffic requires a great deal of computation. As data encryption becomes widespread in network communication and new network applications keep being introduced, this method will increasingly fail to meet practical needs.
Defects: 1) As non-standard applications and proprietary protocols multiply, these applications and protocols lack applicable, open standards, which makes feature strings variable and detection difficult. 2) If randomly encrypted flows in part of the network traffic are associated with several feature strings, the false detection rate rises. 3) Some feature strings are not representative and cannot fully match all network flows, which lowers the recall rate. 4) Syntactic and semantic analysis during payload inspection generates a large amount of computation, which increases system overhead.
2. Traffic identification based on network behavior features
This method must process massive data flows offline in order to maintain and match numerous behavior rules, so it cannot identify traffic in real time in practical applications. Moreover, continuous changes in the network environment also change the behavioral features of the traffic, so the method may fail when the network environment differs.
Summary of the invention
The object of the invention is to provide a method for identifying application programs on an intelligent terminal in order to solve the problems described above.
The invention achieves this object through the following technical solution:
The invention comprises the following steps:
(1) Fuzzy clustering (FCM) process:
(1.1) Set up Fiddler to capture the application data packets of the mobile terminal (configure Fiddler with the packet-capture method for Android phones, collect the data traffic of the applications that are running, and store it in a TXT file or an Excel file until the data set reaches a certain size), then use fuzzy clustering to separate the categories the applications belong to, for example social programs, reading programs and video programs;
(1.2) Extract network flow features and test whether each one is valuable feature information, obtaining the network flow feature set C = {C1, C2, ..., Cn}; typical network flow features are the total number of packets, average packet size, total number of bytes, average payload size, duration of the flow, and so on;
(1.3) With a fuzzy clustering model trained in advance, once the data packets of a program have been captured and their features extracted, the target program is assigned to a class;
(2) Application of fuzzy clustering (FCM):
(2.1) Analyze the program categories using the feature components of the feature set C = {C1, C2, ..., Cn} that discriminate most strongly, for example dividing programs into social applications, reading programs, video programs, and so on;
(2.2) Feature set extraction: select multiple features; a feature can be the packet size, the packet inter-arrival time, the packet response time, and so on;
(3) Application of the multi-classifier:
(3.1) Feature data acquisition: the features already used can be ignored, and the remaining features with larger differences are used to make the final classification with multiple classifiers such as SVM and random forest;
(3.2) SVM (support vector machine) classifier: used as the base classifier for coarse-category classification; after the coarse categories have been separated by fuzzy clustering and the data to be detected is input, the SVM base classifier determines which category the data belongs to, in preparation for the fine-grained classifier in the next step;
(3.3) Random forest classifier: used as the fine-grained application classifier, with which the application program is identified.
The beneficial effects of the invention are as follows:
The invention is a method for identifying application programs on an intelligent terminal. Compared with the prior art, the invention uses only part of the information from payload analysis, which avoids invading privacy and allows encrypted traffic to be identified, and it has value for popularization and application.
Description of the drawings
Fig. 1 is the algorithm flow chart of the invention.
Specific embodiment
The invention is further explained below with reference to the accompanying drawing:
The invention comprises the following steps:
(1) Fuzzy clustering (FCM) process:
(1.1) Set up Fiddler to capture the application data packets of the mobile terminal (configure Fiddler with the packet-capture method for Android phones, collect the data traffic of the applications that are running, and store it in a TXT file or an Excel file until the data set reaches a certain size), then use fuzzy clustering to separate the categories the applications belong to, for example social programs, reading programs and video programs;
(1.2) Extract network flow features and test whether each one is valuable feature information, obtaining the network flow feature set C = {C1, C2, ..., Cn}; typical network flow features are the total number of packets, average packet size, total number of bytes, average payload size, duration of the flow, and so on;
(1.3) With a fuzzy clustering model trained in advance, once the data packets of a program have been captured and their features extracted, the target program is assigned to a class;
(2) Application of fuzzy clustering (FCM):
(2.1) Analyze the program categories using the feature components of the feature set C = {C1, C2, ..., Cn} that discriminate most strongly, for example dividing programs into social applications, reading programs, video programs, and so on;
(2.2) Feature set extraction: select multiple features; a feature can be the packet size, the packet inter-arrival time, the packet response time, and so on;
(3) Application of the multi-classifier:
(3.1) Feature data acquisition: the features already used can be ignored, and the remaining features with larger differences are used to make the final classification with multiple classifiers such as SVM and random forest;
(3.2) SVM (support vector machine) classifier: used as the base classifier for coarse-category classification; after the coarse categories have been separated by fuzzy clustering and the data to be detected is input, the SVM base classifier determines which category the data belongs to, in preparation for the fine-grained classifier in the next step;
(3.3) Random forest classifier: used as the fine-grained application classifier, with which the application program is identified.
Traffic identification methods based on machine learning scale well, can mine the implicit features of network flows, can accurately identify fine-grained network flows, and can also discover new network applications. Because classification methods based on machine learning are comparatively intelligent and flexible, more and more network traffic classification research has concentrated on this field in recent years.
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the invention is not limited to the above embodiment; the embodiment and the description only illustrate the principle of the invention. Various changes and improvements may be made to the invention without departing from its spirit and scope, and all such changes and improvements fall within the scope of protection claimed. The claimed scope of the invention is defined by the appended claims and their equivalents.
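Steps (1.2) and (1.3) as an added example that is not part of the patent text: it builds the five listed flow features from packet records, trains fuzzy c-means on them, and assigns a newly captured flow to the class in which its membership is highest. The constructed sample traffic, the function names, the min-max scaling and the farthest-point initialization are assumptions of this example; the patent does not specify them.

```python
import math

def sample_packets():
    """Constructed traffic, not a real capture: (flow_id, time_s, packet_bytes, payload_bytes)."""
    profiles = {"chat": (6, 120, 2.0), "read": (20, 600, 5.0), "video": (60, 1400, 20.0)}
    pkts = []
    for name, (count, size, dur) in profiles.items():
        for f in range(3):  # three flows per profile, each slightly different
            n = count + f
            for i in range(n):
                pkts.append((f"{name}-{f}", i * dur / n, size + 10 * f, size + 10 * f - 40))
    return pkts

def flow_features(pkts):
    """Step (1.2): total packets, mean packet size, total bytes, mean payload size, duration."""
    flows = {}
    for fid, ts, size, payload in pkts:
        flows.setdefault(fid, []).append((ts, size, payload))
    feats = {}
    for fid, p in flows.items():
        n, total = len(p), sum(x[1] for x in p)
        times = [x[0] for x in p]
        feats[fid] = [n, total / n, total, sum(x[2] for x in p) / n, max(times) - min(times)]
    return feats

def fit_scaler(rows):
    """Per-feature minimum and range, so total bytes does not dominate the distances."""
    cols = list(zip(*rows))
    return [min(c) for c in cols], [(max(c) - min(c)) or 1.0 for c in cols]

def scale(row, scaler):
    lo, span = scaler
    return [(v - l) / s for v, l, s in zip(row, lo, span)]

def memberships(x, centers, m=2.0):
    """FCM membership of x in each cluster: u_i = 1 / sum_j (d_i / d_j) ** (2 / (m - 1))."""
    d = [math.dist(x, c) for c in centers]
    if 0.0 in d:  # x lies exactly on a center: share full membership among those centers
        return [1.0 / d.count(0.0) if v == 0.0 else 0.0 for v in d]
    e = 2.0 / (m - 1.0)
    return [1.0 / sum((di / dj) ** e for dj in d) for di in d]

def fcm(points, c, m=2.0, iters=100, tol=1e-6):
    """Fuzzy c-means; farthest-point initialization keeps the run deterministic."""
    centers = [points[0]]
    while len(centers) < c:
        centers.append(max(points, key=lambda p: min(math.dist(p, v) for v in centers)))
    for _ in range(iters):
        u = [memberships(p, centers, m) for p in points]
        new = []
        for i in range(c):
            w = [row[i] ** m for row in u]  # fuzzified weights of every flow for cluster i
            new.append([sum(wk * p[j] for wk, p in zip(w, points)) / sum(w)
                        for j in range(len(points[0]))])
        shift = max(math.dist(a, b) for a, b in zip(centers, new))
        centers = new
        if shift < tol:
            break
    return centers

def train(pkts, c=3):
    feats = flow_features(pkts)
    scaler = fit_scaler(list(feats.values()))
    return feats, scaler, fcm([scale(r, scaler) for r in feats.values()], c)

def classify(row, scaler, centers):
    """Step (1.3): assign a flow to the cluster in which its membership is highest."""
    u = memberships(scale(row, scaler), centers)
    return u.index(max(u)), u

if __name__ == "__main__":
    feats, scaler, centers = train(sample_packets())
    for fid, row in feats.items():
        k, u = classify(row, scaler, centers)
        print(fid, "cluster", k, [round(v, 3) for v in u])
```

The membership vector, rather than only the winning cluster, is what lets a later stage notice flows that sit between categories.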

Claims (1)

1. A method for identifying application programs on an intelligent terminal, characterized by comprising the following steps:
(1) Fuzzy clustering (FCM) process:
(1.1) Set up Fiddler to capture the application data packets of the mobile terminal (configure Fiddler with the packet-capture method for Android phones, collect the data traffic of the applications that are running, and store it in a TXT file or an Excel file until the data set reaches a certain size), then use fuzzy clustering to separate the categories the applications belong to, for example social programs, reading programs and video programs;
(1.2) Extract network flow features and test whether each one is valuable feature information, obtaining the network flow feature set C = {C1, C2, ..., Cn}; typical network flow features are the total number of packets, average packet size, total number of bytes, average payload size, duration of the flow, and so on;
(1.3) With a fuzzy clustering model trained in advance, once the data packets of a program have been captured and their features extracted, the target program is assigned to a class;
(2) Application of fuzzy clustering (FCM):
(2.1) Analyze the program categories using the feature components of the feature set C = {C1, C2, ..., Cn} that discriminate most strongly, for example dividing programs into social applications, reading programs, video programs, and so on;
(2.2) Feature set extraction: select multiple features; a feature can be the packet size, the packet inter-arrival time, the packet response time, and so on;
(3) Application of the multi-classifier:
(3.1) Feature data acquisition: the features already used can be ignored, and the remaining features with larger differences are used to make the final classification with multiple classifiers such as SVM and random forest;
(3.2) SVM (support vector machine) classifier: used as the base classifier for coarse-category classification; after the coarse categories have been separated by fuzzy clustering and the data to be detected is input, the SVM base classifier determines which category the data belongs to, in preparation for the fine-grained classifier in the next step;
(3.3) Random forest classifier: used as the fine-grained application classifier, with which the application program is identified.
Application number: CN201811380538.4A
Title: A kind of intelligent terminal method for identifying application program
Priority date: 2018-11-20
Filing date: 2018-11-20
Status: Pending
Publication number: CN109660656A (en)
Publication date: 2019-04-19
Family ID: 66111388
Country: CN


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned (effective date of abandoning: 20211029)