CN109660656A - A kind of intelligent terminal method for identifying application program - Google Patents
A kind of intelligent terminal method for identifying application program Download PDFInfo
- Publication number
- CN109660656A CN109660656A CN201811380538.4A CN201811380538A CN109660656A CN 109660656 A CN109660656 A CN 109660656A CN 201811380538 A CN201811380538 A CN 201811380538A CN 109660656 A CN109660656 A CN 109660656A
- Authority
- CN
- China
- Prior art keywords
- feature
- application
- application program
- program
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72403—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/285—Selection of pattern recognition techniques, e.g. of classifiers in a multi-classifier system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72484—User interfaces specially adapted for cordless or mobile telephones wherein functions are triggered by incoming communication events
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Data Mining & Analysis (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Human Computer Interaction (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Biology (AREA)
- Bioinformatics & Computational Biology (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of intelligent terminal method for identifying application program, the method for recognizing flux based on machine learning has good scalability, can excavate the implicit feature of network flow, can accurately identify refined net stream, and can also find new network application.Due to based on machine learning classification method relatively intelligent, flexibly, in recent years, more and more net flow assorted researchs concentrate on this field.Compared with prior art, maneuvering load analysis part information of the present invention avoids invasion of privacy and identifies to encryption flow, has the value of popularization and application.
Description
Technical field
The present invention relates to network technique field more particularly to a kind of intelligent terminal method for identifying application program.
Background technique
In daily life, smart phone uses more and more, this is that a kind of deep (and rapid) changes
Pass through the property of the flow of home and enterprise networks and internet.The service condition of analysing terminal user, to operator or
There is corresponding benefit to this other interested client.In recent years, there is prolonged research to the research of traffic classification this block.Than
Such as, based on the recognition methods of port, the method is not highly desirable for the processing for encrypting flow;Deep packet inspection method is
Application data packet is analyzed by load information, to identify target program;Statistics-Based Method;Finally be and
Its method learnt, include by extracting implicit, systematicness effective information from big data, in network flow it is huge,
Complicated data, nowadays sight has been placed on the method for recognizing flux based on machine learning by academia.It is being based on machine learning
Method for recognizing flux in, it is most important that selection rationally effective traffic characteristic and the suitable training learning algorithm of selection.Such as
The present, researcher commonly trained learning method to have in network flow identification research: supervised learning, unsupervised learning and half
Supervised learning.By the analysis of three aspects, the method for recognizing flux based on machine learning has good scalability, can excavate
The implicit feature of network flow can accurately identify refined net stream, and can also find new network application.By to various
The comparison of identification technology, present invention uses the mode of fuzzy clustering (FCM) and multi-categorizer (SVM, RF), the two is combined,
Improve the precision and efficiency of application program identification.There is following centralized way in the prior art:
1, based on the method for recognizing flux of load characteristic
This detection method may invade the privacy of communicating pair, the data flow of encryption can not be identified, to emerging
Using the tagged word phase library that needs to timely update, and the net load for parsing flow needs very big operand.So with network
Data encryption technology is generally continued to introduce new using with various network applications in communication, and this method for recognizing flux will be more
To be more unable to satisfy actual needs.
Defect: 1) increasing with more and more non-standard applications and proprietary protocol, so that these applications and agreement lack
The standard for being applicable in and opening less keeps feature string variable and detection difficult.If 2) the accidental enciphering stream in subnetwork flow is associated with
Dry feature string, increases false detection rate.3) certain feature strings are not representative, cannot be complete for whole network flows
Match, reduces recall rate.4) syntax and semantics analysis can generate a large amount of calculating in load detection process, increase overhead
Greatly.
2, the method for recognizing flux based on network behavior feature
This method needs processed offline mass data stream to safeguard and match numerous rule of conduct, therefore can not be
It is identified in real time in practical application;Moreover, the continuous variation of network environment can also change the behavioural characteristic of flow, it is thus possible to
The method for recognizing flux based on network behavior feature is caused to fail because of the difference of network environment.
Summary of the invention
The object of the invention is that providing a kind of intelligent terminal method for identifying application program to solve the above-mentioned problems.
The present invention through the following technical solutions to achieve the above objectives:
The present invention the following steps are included:
(1) it is based on the process of fuzzy clustering (FCM):
(1.1) the application data packet (configuration of fiddler, for Android mobile phone of fiddler setting capture mobile terminal
Data packet grasping means, the data traffic for the application program being currently running is collected, be stored in TXT file or
It is that the amount of data set reaches certain degree in excel file), using the method for fuzzy clustering, separate the affiliated class of application program
Not;Such as social program, read routine, video program etc.;
(1.2) network flow feature is extracted, and network flow feature is tested, if is valuable characteristic information, obtains
Obtain network flow feature set;C={ C1,C2,...,Cn, the feature of network flow generally has, total packet number, average packet size, total byte
Number, average load size, the duration of stream etc.;
(1.3) by way of fuzzy clustering, after training Fuzzy Cluster Model in advance, when to certain program data packet
After feature extraction after being captured, target program is attributed to certain class;
(2) application of fuzzy clustering (FCM):
(2.1) pass through analysis feature set C={ C1,C2,...,CnIn the biggish characteristic component of discrimination, analyze class
Other program, such as it is divided into social application program, read routine, video program etc.;
(2.2) extraction of feature set, multiple features are chosen;When feature can be the size of data packet, data Inter-arrival Time
Between, response time etc. of packet;
(3) application of multi-categorizer:
(3.1) characteristic acquires: the former used feature can be ignored, the remaining biggish spy of difference degree is utilized
Sign, does classification to the end using multi-categorizers such as SVM, random forests
(3.2) SVM support vector machine classifier: major class classification is carried out as base classifier;Utilize fuzzy clustering method point
After good major class;After data to be detected input, determine which classification is the data belong to using SVM base classifier, under
One step disaggregated classification device is prepared;
(3.3) random forest grader: as subdivision application class device;Reach application program identification with the classifier
Purpose.
The beneficial effects of the present invention are:
The present invention is a kind of intelligent terminal method for identifying application program, compared with prior art, maneuvering load of the present invention point
Partial information is analysed, invasion of privacy is avoided and encryption flow is identified, is had the value of popularization and application.
Detailed description of the invention
Fig. 1 is algorithm flow chart of the invention.
Specific embodiment
The present invention will be further explained below with reference to the attached drawings:
The present invention the following steps are included:
(1) it is based on the process of fuzzy clustering (FCM):
(1.1) the application data packet (configuration of fiddler, for Android mobile phone of fiddler setting capture mobile terminal
Data packet grasping means, the data traffic for the application program being currently running is collected, be stored in TXT file or
It is that the amount of data set reaches certain degree in excel file), using the method for fuzzy clustering, separate the affiliated class of application program
Not;Such as social program, read routine, video program etc.;
(1.2) network flow feature is extracted, and network flow feature is tested, if is valuable characteristic information, obtains
Obtain network flow feature set;C={ C1,C2,...,Cn, the feature of network flow generally has, total packet number, average packet size, total byte
Number, average load size, the duration of stream etc.;
(1.3) by way of fuzzy clustering, after training Fuzzy Cluster Model in advance, when to certain program data packet
After feature extraction after being captured, target program is attributed to certain class;
(2) application of fuzzy clustering (FCM):
(2.1) pass through analysis feature set C={ C1,C2,...,CnIn the biggish characteristic component of discrimination, analyze class
Other program, such as it is divided into social application program, read routine, video program etc.;
(2.2) extraction of feature set, multiple features are chosen;When feature can be the size of data packet, data Inter-arrival Time
Between, response time etc. of packet;
(3) application of multi-categorizer:
(3.1) characteristic acquires: the former used feature can be ignored, the remaining biggish spy of difference degree is utilized
Sign, does classification to the end using multi-categorizers such as SVM, random forests
(3.2) SVM support vector machine classifier: major class classification is carried out as base classifier;Utilize fuzzy clustering method point
After good major class;After data to be detected input, determine which classification is the data belong to using SVM base classifier, under
One step disaggregated classification device is prepared;
(3.3) random forest grader: as subdivision application class device;Reach application program identification with the classifier
Purpose.
Method for recognizing flux based on machine learning has good scalability, can excavate the implicit spy of network flow
Sign, can accurately identify refined net stream, and can also find new network application.Due to the classification method based on machine learning compared with
Intelligent, flexible, in recent years, more and more net flow assorted researchs concentrate on this field.
Basic principles and main features and advantages of the present invention of the invention have been shown and described above.The technology of the industry
Personnel are it should be appreciated that the present invention is not limited to the above embodiments, and the above embodiments and description only describe this
The principle of invention, without departing from the spirit and scope of the present invention, various changes and improvements may be made to the invention, these changes
Change and improvement all fall within the protetion scope of the claimed invention.The claimed scope of the invention by appended claims and its
Equivalent thereof.
Claims (1)
1. a kind of intelligent terminal method for identifying application program, it is characterised in that: the following steps are included:
(1) it is based on the process of fuzzy clustering (FCM):
(1.1) the application data packet (configuration of fiddler, for the number of Android mobile phone of fiddler setting capture mobile terminal
According to packet grasping means, the data traffic for the application program being currently running is collected, is stored in TXT file or excel text
It is that the amount of data set reaches certain degree in part), using the method for fuzzy clustering, separate application program generic;Such as
Social program, read routine, video program etc.;
(1.2) network flow feature is extracted, and network flow feature is tested, if is valuable characteristic information, obtains net
Network stream feature set;C={ C1,C2,...,Cn, the feature of network flow generally has, and total packet number, total bytes, is put down at average packet size
Equal payload size, duration of stream etc.;
(1.3) it by way of fuzzy clustering, after training Fuzzy Cluster Model in advance, is carried out when to certain program data packet
After feature extraction after capture, target program is attributed to certain class;
(2) application of fuzzy clustering (FCM):
(2.1) pass through analysis feature set C={ C1,C2,...,CnIn the biggish characteristic component of discrimination, analyze classification journey
Sequence, such as it is divided into social application program, read routine, video program etc.;
(2.2) extraction of feature set, multiple features are chosen;Feature can be the size of data packet, data packet interarrival time, packet
Response time etc.;
(3) application of multi-categorizer:
(3.1) characteristic acquires: the former used feature can be ignored, the remaining biggish feature of difference degree, benefit are utilized
Classification to the end is done with multi-categorizers such as SVM, random forests
(3.2) SVM support vector machine classifier: major class classification is carried out as base classifier;It is good big using fuzzy clustering method point
After class;After data to be detected input, determine which classification is the data belong to using SVM base classifier, in next step
Disaggregated classification device is prepared;
(3.3) random forest grader: as subdivision application class device;Reach the mesh of application program identification with the classifier
's.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811380538.4A CN109660656A (en) | 2018-11-20 | 2018-11-20 | A kind of intelligent terminal method for identifying application program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811380538.4A CN109660656A (en) | 2018-11-20 | 2018-11-20 | A kind of intelligent terminal method for identifying application program |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109660656A true CN109660656A (en) | 2019-04-19 |
Family
ID=66111388
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811380538.4A Pending CN109660656A (en) | 2018-11-20 | 2018-11-20 | A kind of intelligent terminal method for identifying application program |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109660656A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110417729A (en) * | 2019-06-12 | 2019-11-05 | 中国科学院信息工程研究所 | A kind of service and application class method and system encrypting flow |
CN110674010A (en) * | 2019-09-10 | 2020-01-10 | 西安电子科技大学 | Intelligent device application program identification method based on session length probability distribution |
CN111510422A (en) * | 2020-01-09 | 2020-08-07 | 中国石油大学(华东) | Identity authentication method based on terminal information extension sequence and random forest model |
CN112134856A (en) * | 2020-09-02 | 2020-12-25 | 中移(杭州)信息技术有限公司 | Method, system, server and storage medium for disabling application program |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101645806A (en) * | 2009-09-04 | 2010-02-10 | 东南大学 | Network flow classifying system and network flow classifying method combining DPI and DFI |
CN101741744A (en) * | 2009-12-17 | 2010-06-16 | 东南大学 | Network flow identification method |
CN102945238A (en) * | 2012-09-05 | 2013-02-27 | 南京航空航天大学 | Fuzzy ISODATA (interactive self-organizing data) based feature selection method |
US20140064080A1 (en) * | 2012-08-30 | 2014-03-06 | Patrick Stevens | Apparatus and method for staged traffic classification among terminal and aggregation nodes of a broadband communications system |
CN104052639A (en) * | 2014-07-02 | 2014-09-17 | 山东大学 | Real-time multi-application network flow identification method based on support vector machine |
CN104468273A (en) * | 2014-12-12 | 2015-03-25 | 北京百度网讯科技有限公司 | Method and system for recognizing application type of flow data |
-
2018
- 2018-11-20 CN CN201811380538.4A patent/CN109660656A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101645806A (en) * | 2009-09-04 | 2010-02-10 | 东南大学 | Network flow classifying system and network flow classifying method combining DPI and DFI |
CN101741744A (en) * | 2009-12-17 | 2010-06-16 | 东南大学 | Network flow identification method |
US20140064080A1 (en) * | 2012-08-30 | 2014-03-06 | Patrick Stevens | Apparatus and method for staged traffic classification among terminal and aggregation nodes of a broadband communications system |
CN102945238A (en) * | 2012-09-05 | 2013-02-27 | 南京航空航天大学 | Fuzzy ISODATA (interactive self-organizing data) based feature selection method |
CN104052639A (en) * | 2014-07-02 | 2014-09-17 | 山东大学 | Real-time multi-application network flow identification method based on support vector machine |
CN104468273A (en) * | 2014-12-12 | 2015-03-25 | 北京百度网讯科技有限公司 | Method and system for recognizing application type of flow data |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110417729A (en) * | 2019-06-12 | 2019-11-05 | 中国科学院信息工程研究所 | A kind of service and application class method and system encrypting flow |
CN110417729B (en) * | 2019-06-12 | 2020-10-27 | 中国科学院信息工程研究所 | Service and application classification method and system for encrypted traffic |
CN110674010A (en) * | 2019-09-10 | 2020-01-10 | 西安电子科技大学 | Intelligent device application program identification method based on session length probability distribution |
CN111510422A (en) * | 2020-01-09 | 2020-08-07 | 中国石油大学(华东) | Identity authentication method based on terminal information extension sequence and random forest model |
CN112134856A (en) * | 2020-09-02 | 2020-12-25 | 中移(杭州)信息技术有限公司 | Method, system, server and storage medium for disabling application program |
CN112134856B (en) * | 2020-09-02 | 2023-08-15 | 中移(杭州)信息技术有限公司 | Application program disabling method, system, server and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111277578B (en) | Encrypted flow analysis feature extraction method, system, storage medium and security device | |
CN106778259B (en) | Abnormal behavior discovery method and system based on big data machine learning | |
CN109660656A (en) | A kind of intelligent terminal method for identifying application program | |
CN109525508B (en) | Encrypted stream identification method and device based on flow similarity comparison and storage medium | |
CN105871832B (en) | A kind of network application encryption method for recognizing flux and its device based on protocol attribute | |
CN110391958B (en) | Method for automatically extracting and identifying characteristics of network encrypted flow | |
CN110311829A (en) | A kind of net flow assorted method accelerated based on machine learning | |
CN105530265B (en) | A kind of mobile Internet malicious application detection method based on frequent item set description | |
CN110796196A (en) | Network traffic classification system and method based on depth discrimination characteristics | |
CN108063768B (en) | Network malicious behavior identification method and device based on network gene technology | |
CN110198303A (en) | Threaten the generation method and device, storage medium, electronic device of information | |
CN110532564A (en) | A kind of application layer protocol online recognition method based on CNN and LSTM mixed model | |
US11888874B2 (en) | Label guided unsupervised learning based network-level application signature generation | |
Perera Jayasuriya Kuranage et al. | Network traffic classification using machine learning for software defined networks | |
CN112667750A (en) | Method and device for determining and identifying message category | |
CN105468995A (en) | Data mining based invasion detection system with Oracle as core | |
CN109088903A (en) | A kind of exception flow of network detection method based on streaming | |
CN109871686A (en) | Rogue program recognition methods and device based on icon representation and software action consistency analysis | |
CN110519228B (en) | Method and system for identifying malicious cloud robot in black-production scene | |
CN117411703A (en) | Modbus protocol-oriented industrial control network abnormal flow detection method | |
CN115277113A (en) | Power grid network intrusion event detection and identification method based on ensemble learning | |
CN109728977B (en) | JAP anonymous flow detection method and system | |
Tang et al. | HSLF: HTTP header sequence based LSH fingerprints for application traffic classification | |
CN109376531B (en) | Web intrusion detection method based on semantic recoding and feature space separation | |
CN106101061A (en) | The automatic classification method of rogue program and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
AD01 | Patent right deemed abandoned |
Effective date of abandoning: 20211029 |
|
AD01 | Patent right deemed abandoned |