CN106850344B - Encryption method for recognizing flux based on stream gradient guiding - Google Patents
Encryption method for recognizing flux based on stream gradient guiding Download PDFInfo
- Publication number
- CN106850344B CN106850344B CN201710045963.7A CN201710045963A CN106850344B CN 106850344 B CN106850344 B CN 106850344B CN 201710045963 A CN201710045963 A CN 201710045963A CN 106850344 B CN106850344 B CN 106850344B
- Authority
- CN
- China
- Prior art keywords
- data
- flow
- key mark
- gradient
- stream
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2441—Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2483—Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a kind of encryption method for recognizing flux based on stream gradient guiding, data flow gradient in known training set is calculated first is oriented to key mark, it extracts network traffic data and carries out key mark analysis, calculate separately the key mark of target encryption flow business and non-targeted encryption flow business in network;For unknown traffic to be measured, it calculates it and is oriented to key mark, and unknown stream key mark and target and non-targeted encryption flow business key mark relative offset amount, both judgements relative offset amount size, and then determine that the unknown stream encrypts flow business for target, or be non-targeted encryption flow business.Discrimination of the present invention is high, is easily used;To arbitrary network encrypt stream identification all have applicability, support the evolution of network, for the future may appear network encryption stream identification can also be compatible with.
Description
Technical field
The invention belongs to technical field of the computer network, in particular to a kind of encryption flow identification based on stream gradient guiding
Method.
Background technique
Peer-to-peer network (Peer-to-Peer, P2P) technology is achieved in current internet and is widely applied, such as: stream
The numerous areas such as media business, VoIP, file-sharing all use peer-to-peer network transmission technology.It is easy to real since the technology has
Now, bearing capacity is strong, is suitble to the features such as personal user, and utilization rate in a network is high.However, peer-to-peer network business is open
The characteristics of formula, causes its safety to be unable to satisfy the demand of current network, the various trojan horses by encryption, Malwares, robber
Version information is largely propagated in a peer-to-peer network, how to improve internet security as stern challenge.Existing encryption flow is known
Other method has: encryption method for recognizing flux, encryption method for recognizing flux based on classical key mark based on machine learning etc.;
But current encryption stream recognition method is unable to satisfy the demand of existing network in terms of discrimination and complexity, it is past
Toward the gradient guiding for not accounting for network data flow;Also, existing encryption method for recognizing flux does not support that traffic characteristic is real-time
The identification of variation does not have corresponding discrimination for widely encrypting stream.
Summary of the invention
In order to overcome the shortcomings in the prior art, the present invention provides a kind of encryption flow identification side based on stream gradient guiding
Method solves the defect in terms of encryption stream discrimination in the prior art and complexity, is oriented to for the gradient of network data flow, real
Better discrimination now is flowed to encryption, it is each to be applied to data transmission network for the safety of further Logistics networks information, stability
In grade node, stream identification is encrypted to arbitrary network and all has applicability.
According to design scheme provided by the present invention, a kind of encryption method for recognizing flux based on stream gradient guiding includes
Following steps:
Step 1 is gathered according to known data stream training, calculates data flow gradient and is oriented to key mark;
Step 2 extracts network data flow, includes crawl target encryption flow business data flow and non-targeted encryption flow
Business data flow, the data flow gradient for calculating separately target encryption flow business are oriented to key mark and non-targeted encryption flow industry
The data flow gradient of business is oriented to key mark;
Step 3 is directed to network unknown flow rate to be measured, calculates the data flow gradient guiding key mark of unknown flow rate;
Step 4 calculates separately the data flow gradient guiding key of unknown flow rate and target encryption flow business between the two
Data flow gradient between the relative offset amount St and unknown flow rate of mark and non-targeted encryption flow business is oriented to key mark
Relative offset amount Sn;
Step 5 judges whether relative offset amount St is greater than Sn, if so, determining that the unknown flow rate encrypts flow for target
Otherwise business then determines that the unknown flow rate is non-targeted encryption flow business.
Above-mentioned, it calculates data flow gradient and is oriented to key mark, include following content:
Statistical data stream characteristic, the data flow characteristics data include that preamble data packet size, current data packet are big
Small, preamble data Inter-arrival Time and current data Inter-arrival Time;
According to data flow characteristics data, data flow key mark is calculated, obtains its gradient guiding key mark.
Above-mentioned, data flow key mark is calculated, particular content is as follows:
According to the variable gradient of data flow characteristics data, its gradient guiding weighting function index is assessed, to data flow characteristics
Data are weighted processing;
Portraying gradient guiding key mark is vector data pair, establishes data flow characterization Statistical Vector data sequence, obtains
Vector probability density function;
Processing is filtered to vector probability density function by smoothing filter, the gradient guiding for obtaining the data flow is closed
Key mark.
Above-mentioned, the variable gradient of data flow characteristics data is determined by data packet laststate with current state.
Above-mentioned, it is two-dimensional vector data sequence that data flow, which characterizes Statistical Vector data sequence, wherein the first dimension is by preceding
Sequence data packet and the weighting of current data packet size determine that the second dimension arrives at interval weighting by preamble data packet and current data packet
It determines.
Above-mentioned, data flow characterizes Statistical Vector data sequence, the ratio between current data packet and preamble data packet size, the two
Variation is positively correlated.
Above-mentioned, data flow characterizes Statistical Vector data sequence, and current data Inter-arrival Time and preamble data packet reach
The ratio between interval, the two variation are positively correlated.
Above-mentioned, the calculating relative offset amount in step 4, also comprising the modulo operation to relative offset amount.
Preferably, relative offset amount is used to compare the degree of approximation between data flow key mark, and relative offset amount is non-negative
Number, value range [0,1].
Preferably, the element in relative offset amount unknown flow rate is crucial with Probability p application layer as corresponding to key mark
Mark generates, and the data flow gradient guiding key mark maximum value of the element and unknown flow rate is positively correlated, the number with unknown flow rate
It is positively correlated, is oriented to the data flow gradient of unknown flow rate crucial according to the weighted mean of stream gradient guiding key mark vector data pair
It is negatively correlated to identify minimum value.
Beneficial effects of the present invention:
1, the present invention is oriented to key mark by calculating data flow gradient in known training set, extracts network traffic data
And key mark analysis is carried out, it calculates separately target encryption flow business and non-targeted the crucial of encryption flow business in network and marks
Know, for unknown traffic to be measured, be oriented to key mark calculation method using gradient, calculates the unknown crucial mark of stream gradient guiding
Know, then calculate separately unknown stream key mark and target and non-targeted encryption flow business key mark relative offset amount, sentences
Break unknown stream key mark and target encryption flow business key mark relative offset amount whether be greater than unknown stream key mark and
Non-targeted encryption flow business key mark relative offset amount, if so, determine that the unknown stream encrypts flow business for target, if
It is no, then determine that the unknown stream is non-targeted encryption flow business;Discrimination is high, more accurately.
2, the present invention is crucial applied in data transmission networks at different levels nodes at different levels, extracting unknown stream and calculating gradient guiding
Compared with mark does relative offset amount with known target flow, stream type is determined;By comparing unknown traffic and training data
The relative offset amount of key mark is flowed to determine whether target encrypting traffic, and discrimination is high, is easily used;To arbitrary network
Encryption stream identification all has applicability, supports the evolution of network, for the future may appear the identification of network encryption stream can also be with
It is compatible.
Detailed description of the invention:
Fig. 1 is flow diagram of the invention;
Fig. 2 is the implementation flow chart of embodiment two;
Fig. 3 is that data flow gradient is oriented to key mark calculation method flow diagram;
Fig. 4 is relative offset amount method of discrimination flow diagram.
Specific embodiment:
For the ease of hereafter understanding, the noun or abbreviation used in text are explained at this:
Gradient is oriented to key mark: by extraction and analysis preamble data packet statistical property, including data package size, when arrival
Between be spaced, do not consider encrypt flow itself behavioral characteristic, utilize the characteristic statistics of preamble sample data packet and current data packet
Data, building can accurately describe a kind of mathematics mark of data flow;It does not consider the content character of data flow itself, merely with
Data flow characterization indicates there is stronger versatility.
Relative offset amount: utilizing data flow key mark, for indicating that two kinds of different data streams characterize the degree of approximation;It can be used
In determining consistent degree between All-purpose Use stream, can determine whether two data flows are identical or approximate.
The present invention is described in further detail with technical solution with reference to the accompanying drawing, and detailed by preferred embodiment
Describe bright embodiments of the present invention in detail, but embodiments of the present invention are not limited to this.
Embodiment one, shown in Figure 1, a kind of encryption method for recognizing flux based on stream gradient guiding includes following step
It is rapid:
Step 1 is gathered according to known data stream training, calculates data flow gradient and is oriented to key mark;
Step 2 extracts network data flow, includes crawl target encryption flow business data flow and non-targeted encryption flow
Business data flow, the data flow gradient for calculating separately target encryption flow business are oriented to key mark and non-targeted encryption flow industry
The data flow gradient of business is oriented to key mark;
Step 3 is directed to network unknown flow rate to be measured, calculates the data flow gradient guiding key mark of unknown flow rate;
Step 4 calculates separately the data flow gradient guiding key of unknown flow rate and target encryption flow business between the two
Data flow gradient between the relative offset amount St and unknown flow rate of mark and non-targeted encryption flow business is oriented to key mark
Relative offset amount Sn;
Step 5 judges whether relative offset amount St is greater than Sn, if so, determining that the unknown flow rate encrypts flow for target
Otherwise business then determines that the unknown flow rate is non-targeted encryption flow business.
The present invention is oriented to key mark by calculating data flow gradient in known training set, extracts network traffic data simultaneously
Key mark analysis is carried out, target encryption flow business and non-targeted the crucial of encryption flow business in network is calculated separately and marks
Know, for unknown traffic to be measured, be oriented to key mark calculation method using gradient, calculates the unknown crucial mark of stream gradient guiding
Know, then calculate separately unknown stream key mark and target and non-targeted encryption flow business key mark relative offset amount, sentences
Break unknown stream key mark and target encryption flow business key mark relative offset amount whether be greater than unknown stream key mark and
Non-targeted encryption flow business key mark relative offset amount, if so, determine that the unknown stream encrypts flow business for target, if
It is no, then determine that the unknown stream is non-targeted encryption flow business;Discrimination is high, more accurately.
Embodiment two, referring to fig. 2~4 shown in, a kind of encryption method for recognizing flux based on stream gradient guiding, comprising as follows
Content:
1) gathered according to known data stream training, statistical data stream characteristic, before the data flow characteristics data include
Sequence data package size, current data packet size, preamble data Inter-arrival Time and current data Inter-arrival Time;According to data
Characteristic is flowed, data flow key mark is calculated, according to the variable gradient of data flow characteristics data, assesses the guiding weighting of its gradient
Function index is weighted processing to data flow characteristic;Portraying gradient guiding key mark is vector data pair, establishes number
Statistical Vector data sequence is levied according to flow table, obtains vector probability density function;To alleviate noise jamming, to reduce data flow characteristics
Interference between noise is filtered processing to vector probability density function by smoothing filter, obtains the ladder of the data flow
Degree guiding key mark.
Wherein, the variable gradient of data flow characteristics data is determined by data packet laststate with current state.
Wherein, data flow characterization Statistical Vector data sequence is two-dimensional vector data sequence, wherein the first dimension is by preamble
Data packet and the weighting of current data packet size determine that the second dimension arrives at interval weighting with current data packet by preamble data packet and determines
It is fixed.
Gradient guiding weighted value should meet the following conditions in gradient guiding weighting function index:
1. Weighted Guidelines value is the real number greater than 0;
2. gradient guiding is stronger with the increase of characteristic index;
3. data flow characteristics variation is smaller, Weighted Guidelines more tend to stablize;
4. gradient guiding weakens with the increase of characteristic index;
Gradient guiding subtracts preamble data packet size logarithm by preamble data packet size and current data packet size and logarithm
It determines, to accurately reflect data flow gradient.
Above-mentioned, data flow characterizes Statistical Vector data sequence, the ratio between current data packet and preamble data packet size, the two
Variation is positively correlated.
Above-mentioned, data flow characterizes Statistical Vector data sequence, and current data Inter-arrival Time and preamble data packet reach
The ratio between interval, the two variation are positively correlated.
2) network data flow is extracted, crawl target encryption flow business data flow and non-targeted encryption flow business are included
Data flow, calculate separately target encryption flow business data flow gradient guiding key mark and non-targeted encryption flow business
Data flow gradient is oriented to key mark.
3) it is directed to network unknown flow rate to be measured, calculates the data flow gradient guiding key mark of unknown flow rate.
4) the data flow gradient guiding key mark of unknown flow rate and target encryption flow business between the two is calculated separately
Relative offset amount St and unknown flow rate and it is non-targeted encryption flow business between data flow gradient guiding key mark phase
Close offset Sn.
Wherein, relative offset amount is calculated, also includes: to the modulo operation of relative offset amount.
Relative offset amount is used to compare the degree of approximation between data flow key mark, and relative offset amount is nonnegative number, value
Range [0,1];For comparison result closer to 0, the two the not approximate, and closer to 1, the two is more approximate.
Preferably, the element in relative offset amount unknown flow rate is crucial with Probability p application layer as corresponding to key mark
Mark generates, and the data flow gradient guiding key mark maximum value of the element and unknown flow rate is positively correlated, the number with unknown flow rate
It is positively correlated, is oriented to the data flow gradient of unknown flow rate crucial according to the weighted mean of stream gradient guiding key mark vector data pair
It is negatively correlated to identify minimum value.
5) judge whether relative offset amount St is greater than Sn, if so, determine that the unknown flow rate encrypts flow business for target,
Otherwise, then determine that the unknown flow rate is non-targeted encryption flow business.
In the present invention, all gradient guide effect state vector ordered series of numbers are with the ratio between current data packet and preamble data packet size
It is positively correlated, preamble data Bao Yue great, key mark vector number is to becoming small, otherwise it is big to become;All gradient guide effect state vectors
Ordered series of numbers is positively correlated with the ratio between current data Inter-arrival Time and preamble data Inter-arrival Time, and arrival time interval is bigger, crucial
Mark vector ordered series of numbers becomes small, otherwise it is big to become;It constitutes gradient guide effect state vector ordered series of numbers data package size part and uses and be with 2
The Logarithmic calculation at bottom;Gradient guide effect state vector ordered series of numbers data packet arrival time compartment is constituted to use with 10 the bottom of as
Logarithmic calculation.It is beneficial to the simplification of method to handle preamble data packet as few as possible, chooses and increases with preamble data packet quantity
Add, it is more accurate that gradient is oriented to key mark calculating.It integrates smoothing filter efficiency and filters out noise effects, as fuzzy window increases
Greatly, increase gradient is still presented in filtering recall rate, but rate of rise has met filtering demands.
The present invention is applied in data transmission networks at different levels nodes at different levels, extracts unknown stream and calculates the crucial mark of gradient guiding
Compared with knowledge does relative offset amount with known target flow, stream type is determined;By comparing unknown traffic and training data stream
The relative offset amount of key mark determines whether target encrypting traffic, and discrimination is high, be easily used;To arbitrary network plus
The identification of close stream all has applicability, supports the evolution of network, for the future may appear the identification of network encryption stream can also be simultaneous
Hold.
The present invention is not limited to above-mentioned specific embodiment, and those skilled in the art can also make a variety of variations accordingly, but
It is any all to cover within the scope of the claims with equivalent or similar variation of the invention.
Claims (8)
1. a kind of encryption method for recognizing flux based on stream gradient guiding, which is characterized in that comprise the following steps:
Step 1 is gathered according to known data stream training, calculates data flow gradient and is oriented to key mark;
Step 2 extracts network data flow, includes crawl target encryption flow business data flow and non-targeted encryption flow business
Data flow, calculate separately target encryption flow business data flow gradient guiding key mark and non-targeted encryption flow business
Data flow gradient is oriented to key mark;
Step 3 is directed to network unknown flow rate to be measured, calculates the data flow gradient guiding key mark of unknown flow rate;
Step 4 calculates separately the data flow gradient guiding key mark of unknown flow rate and target encryption flow business between the two
Relative offset amount St and unknown flow rate and it is non-targeted encryption flow business between data flow gradient guiding key mark phase
Close offset Sn;
Step 5 judges whether relative offset amount St is greater than Sn, if so, determine that the unknown flow rate encrypts flow business for target,
Otherwise, then determine that the unknown flow rate is non-targeted encryption flow business;
It calculates data flow gradient and is oriented to key mark, include following content:
Statistical data stream characteristic, the data flow characteristics data include preamble data packet size, current data packet size, preceding
Ordinal number is according to Inter-arrival Time and current data Inter-arrival Time;
According to data flow characteristics data, data flow key mark is calculated, obtains its gradient guiding key mark;
Data flow key mark is calculated, particular content is as follows:
According to the variable gradient of data flow characteristics data, its gradient guiding weighting function index is assessed, to data flow characteristic
It is weighted processing;
Portraying gradient guiding key mark is vector data pair, establishes data flow characterization Statistical Vector data sequence, obtains vector
Probability density function;
Processing is filtered to vector probability density function by smoothing filter, obtains the crucial mark of gradient guiding of the data flow
Know.
2. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that data flow is special
The variable gradient of sign data is determined by data packet laststate with current state.
3. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that data stream list
Sign Statistical Vector data sequence is two-dimensional vector data sequence, wherein the first dimension is big by preamble data packet and current data packet
Small weighting determines that the second dimension arrives at interval weighting with current data packet by preamble data packet and determines.
4. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that data stream list
Statistical Vector data sequence, the ratio between current data packet and preamble data packet size are levied, the two variation is positively correlated.
5. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that data stream list
Statistical Vector data sequence, the ratio between current data Inter-arrival Time and preamble data Inter-arrival Time are levied, the two variation is positively correlated.
6. the encryption method for recognizing flux according to claim 1 based on stream gradient guiding, which is characterized in that in step 4
Calculating relative offset amount, also comprising to the modulo operation of relative offset amount.
7. the encryption method for recognizing flux according to claim 6 based on stream gradient guiding, which is characterized in that relative offset
Amount is nonnegative number, value range [0,1] for comparing the degree of approximation between data flow key mark, relative offset amount.
8. the encryption method for recognizing flux according to claim 7 based on stream gradient guiding, which is characterized in that relative offset
The element in unknown flow rate is measured with the generation of Probability p application layer key mark as corresponding to key mark, the element and unknown stream
The data flow gradient guiding key mark maximum value of amount is positively correlated, and is oriented to key mark vector with the data flow gradient of unknown flow rate
The weighted mean of data pair is positively correlated, negatively correlated with the data flow gradient guiding key mark minimum value of unknown flow rate.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710045963.7A CN106850344B (en) | 2017-01-22 | 2017-01-22 | Encryption method for recognizing flux based on stream gradient guiding |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710045963.7A CN106850344B (en) | 2017-01-22 | 2017-01-22 | Encryption method for recognizing flux based on stream gradient guiding |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106850344A CN106850344A (en) | 2017-06-13 |
CN106850344B true CN106850344B (en) | 2019-10-29 |
Family
ID=59119846
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710045963.7A Active CN106850344B (en) | 2017-01-22 | 2017-01-22 | Encryption method for recognizing flux based on stream gradient guiding |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106850344B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107508764B (en) * | 2017-07-03 | 2020-04-10 | 网宿科技股份有限公司 | Network data traffic type identification method and device |
CN108566340B (en) * | 2018-02-05 | 2021-03-09 | 中国科学院信息工程研究所 | Network flow refined classification method and device based on dynamic time warping algorithm |
CN113542195B (en) * | 2020-04-16 | 2023-05-05 | 北京观成科技有限公司 | Method, system and equipment for detecting malicious encrypted traffic |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102098346A (en) * | 2011-02-23 | 2011-06-15 | 北京邮电大学 | Method for identifying flow of P2P (peer-to-peer) stream media in unknown flow |
CN103544488A (en) * | 2013-11-07 | 2014-01-29 | 湖南创合制造有限公司 | Face recognition method and device |
CN103873320A (en) * | 2013-12-27 | 2014-06-18 | 北京天融信科技有限公司 | Encrypted flow rate recognizing method and device |
CN104520813A (en) * | 2012-08-16 | 2015-04-15 | 华为技术有限公司 | Control pool based enterprise policy enabler for controlled cloud access |
US9128528B2 (en) * | 2012-06-22 | 2015-09-08 | Cisco Technology, Inc. | Image-based real-time gesture recognition |
CN105721242A (en) * | 2016-01-26 | 2016-06-29 | 国家信息技术安全研究中心 | Information entropy-based encrypted traffic identification method |
CN105827472A (en) * | 2015-01-04 | 2016-08-03 | 华为技术有限公司 | Network data flow type detection method and network data flow type detection device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030101253A1 (en) * | 2001-11-29 | 2003-05-29 | Takayuki Saito | Method and system for distributing data in a network |
-
2017
- 2017-01-22 CN CN201710045963.7A patent/CN106850344B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102098346A (en) * | 2011-02-23 | 2011-06-15 | 北京邮电大学 | Method for identifying flow of P2P (peer-to-peer) stream media in unknown flow |
US9128528B2 (en) * | 2012-06-22 | 2015-09-08 | Cisco Technology, Inc. | Image-based real-time gesture recognition |
CN104520813A (en) * | 2012-08-16 | 2015-04-15 | 华为技术有限公司 | Control pool based enterprise policy enabler for controlled cloud access |
CN103544488A (en) * | 2013-11-07 | 2014-01-29 | 湖南创合制造有限公司 | Face recognition method and device |
CN103873320A (en) * | 2013-12-27 | 2014-06-18 | 北京天融信科技有限公司 | Encrypted flow rate recognizing method and device |
CN105827472A (en) * | 2015-01-04 | 2016-08-03 | 华为技术有限公司 | Network data flow type detection method and network data flow type detection device |
CN105721242A (en) * | 2016-01-26 | 2016-06-29 | 国家信息技术安全研究中心 | Information entropy-based encrypted traffic identification method |
Also Published As
Publication number | Publication date |
---|---|
CN106850344A (en) | 2017-06-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Salman et al. | A review on machine learning–based approaches for Internet traffic classification | |
Homayoun et al. | BoTShark: A deep learning approach for botnet traffic detection | |
Anand et al. | Phishing URL detection with oversampling based on text generative adversarial networks | |
US10033757B2 (en) | Identifying malicious identifiers | |
CN111355697B (en) | Detection method, device, equipment and storage medium for botnet domain name family | |
CN106850344B (en) | Encryption method for recognizing flux based on stream gradient guiding | |
CN110611640A (en) | DNS protocol hidden channel detection method based on random forest | |
CN113821793B (en) | Multi-stage attack scene construction method and system based on graph convolution neural network | |
CN115277102B (en) | Network attack detection method and device, electronic equipment and storage medium | |
CN111245784A (en) | Method for multi-dimensional detection of malicious domain name | |
CN109088862B (en) | Node property identification method based on distributed system | |
Hostiadi et al. | Hybrid model for bot group activity detection using similarity and correlation approaches based on network traffic flows analysis | |
CN111478921A (en) | Method, device and equipment for detecting communication of hidden channel | |
Nishiyama et al. | SILU: Strategy involving large-scale unlabeled logs for improving malware detector | |
Shafiq et al. | Effective feature selection for 5G IM applications traffic classification | |
CN110472410B (en) | Method and device for identifying data and data processing method | |
Tang et al. | A new detection method for LDoS attacks based on data mining | |
Min et al. | Online Internet traffic identification algorithm based on multistage classifier | |
Hamdi | Federated learning-based intrusion detection system for Internet of Things | |
CN111447169B (en) | Method and system for identifying malicious webpage in real time on gateway | |
CN113037748A (en) | C and C channel hybrid detection method and system | |
CN107222319B (en) | Communication operation analysis method and device | |
Kocak et al. | Detecting anomalous latent classes in a batch of network traffic flows | |
CN107770813A (en) | LTE uplink interference sorting techniques based on PCA Yu two-dimentional degree of bias feature | |
Shen et al. | Machine learning classification on traffic of secondary encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |