CN110855663A - Identification method and system based on time-space correlation analysis

Publication number: CN110855663A
Application number: CN201911101592.5A
Authority: CN (China)
Legal status: Granted, active
Other languages: Chinese (zh)
Other versions: CN110855663B (en)
Inventors: 付君辉, 李宏伟, 代宏伟
Current assignee: Cnis Tech Co Ltd
Original assignee: Cnis Tech Co Ltd
Prior art keywords: time axis, task, module, information, file

Classifications

    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general


Abstract

The invention provides an identity recognition method and system based on spatio-temporal correlation analysis. The method comprises the following steps. S1: the real-time traffic analysis module feeds network traffic to the analysis equipment through the shunt equipment, analyses the traffic data, and stores the analysed data in a database. S2: the time axis comparison task module creates a time axis comparison task, packages the task information into a file and delivers the file to the webpage content acquisition module. S3: the webpage content acquisition module monitors in real time for files sent by the time axis comparison task module and obtains the account number or ID information of the Internet application. S4: the webpage content acquisition module constructs an internet application template, extracts the time axis information of the account according to the template, packages the collected time axis information into a file and sends the file to the time axis comparison module. S5: the time axis comparison module analyses and compares the time axis result files and performs real identity association according to the matching degree.

Description

Identification method and system based on time-space correlation analysis
Technical Field
The invention relates to the technical field of internet applications and to identity recognition management methods for network security, and in particular to an identity recognition method and an identity recognition system based on time-space correlation analysis.
Background
With the rapid spread of the internet and the continuous emergence of network applications, network security incidents keep occurring and network security has become an important part of national security. How to extract information from encrypted services is therefore of great significance for regulating network applications, cleaning up the network environment and protecting network security.
Traditional network security and network supervision rely on the following means: first, open-source information, including virtual identities, threat information, potential events and the like; second, plaintext analysis, including analysis of DNS, LOT, GTP and other protocols; third, vulnerability attacks, including mail, short-message and APP vulnerabilities. However, with the development of encryption technology, these traditional supervision means and capabilities struggle to monitor and identify data effectively, and obtaining useful information from encrypted data has become a technical difficulty in network security research.
At present, pornographic forums and other illegal network applications mainly use HTTPS encrypted communication. The prior art can obtain only information such as a visitor's IP (Internet Protocol) address and access time, not the communication content. Analysing network traffic alone does not yield enough information to locate and identify users, which makes these network applications difficult to supervise.
Disclosure of Invention
In view of the difficulty of identifying key accounts in internet applications, the invention provides an identification method and an identification system based on time-space correlation analysis, which solve the identification problem by comparing the time axis obtained from real-time network traffic analysis with the time axis collected from webpage content. The technical scheme is as follows:
An identity recognition method based on spatio-temporal correlation analysis comprises the following steps:
S1: the real-time traffic analysis module feeds network traffic to the analysis equipment through the shunt equipment; the traffic data is analysed with an analysis program, online time axis information is extracted by webpage crawling, and the analysed data is stored in a database;
S2: the time axis comparison task module creates a time axis comparison task, packages the task information into a file and delivers the file to the webpage content acquisition module;
S3: the webpage content acquisition module monitors in real time for files sent by the time axis comparison task module and obtains the account number or ID information of the Internet application;
S4: the webpage content acquisition module constructs an internet application template, extracts the time axis information of the account according to the template, packages the collected time axis information into a file and sends the file to the time axis comparison module;
S5: the time axis comparison module analyses and compares the time axis result files and performs real identity association according to the matching degree.
Further, step S2 comprises the following steps:
S21: the time axis comparison task module initializes, monitors the task result file directory and reads files modified under that directory;
S22: the time axis comparison task module creates a time axis comparison task, fills in the account information of the network forum and stores it in a database;
S23: the time axis comparison task module encapsulates the task and issues a task file whose content comprises the task id and the account information of the network forum.
Further, step S3 comprises the following steps:
S31: the webpage content acquisition module initializes, monitors the task file directory and reads files that have changed under that directory;
S32: the webpage content acquisition module obtains a new task file, creates a task thread, parses the task content and obtains information such as the network application type and the account number;
S33: the internet forum is accessed through a headless browser and logged in to with an account applied for in advance.
Further, step S4 comprises the following steps:
S41: the home page address of the account in the task is accessed through the headless browser and the page content is crawled;
S42: the collected page content is parsed and information including published content and time points is extracted;
S43: the extracted information is encapsulated into a task result file and issued to the time axis comparison module.
Further, step S5 comprises the following steps:
S51: the time axis comparison module obtains and parses the result file and stores the time axis information in a database;
S52: the comparison task starts: using the time axis information obtained from the result file, the database is searched for the data obtained by analysis of the quick message module; if data is found, the mobile phone numbers that may be related to the account in the task are extracted and stored in the database;
S53: after the comparison task completes, the number of occurrences of each mobile phone number is counted; the more occurrences, the higher the degree of association between that mobile phone number and the account in the task, and the mobile phone number is recommended;
S54: the real identity library is associated, and information such as the user name and identity card number is obtained through the mobile phone number.
Further, in step S4, the internet application template comprises the overall structure of the web document object model and the extracted attribute names.
Before step S52 is performed, the parsing module has already stored the mobile phone numbers and the related operation time points in the database.
An identity recognition system based on spatiotemporal correlation analysis comprises the following modules:
1) The real-time traffic analysis module: feeds the intrinsic traffic to an analysis device through a shunt device, builds a classification model with a machine learning algorithm, extracts time axis data, and stores the analysed data in a database;
2) The webpage content acquisition module: collects the content of the Internet application according to the account number or ID, extracts the time axis information in the content through a collection template, and packages the time axis information into a file;
3) The time axis comparison task module: creates a time axis comparison task, packages the task, and sends the task file to the webpage content acquisition module;
4) The time axis comparison module: compares the time axis information collected by the webpage content acquisition module with the time axis information obtained from real-time traffic analysis, recommends the real identity information of the Internet application account or ID, and verifies the identity.
The real-time traffic analysis module comprises a traffic access submodule, a data analysis submodule and a data storage submodule, connected in sequence.
The identity recognition method based on time-space correlation analysis can effectively and rapidly analyse and recommend the real identity (name, telephone number, certificate information and the like) of one or more network forum virtual identity targets in the environment; it is covert and cannot be discovered by network users.
Drawings
FIG. 1 is a flow chart of parsing a real-time data stream in the present invention;
FIG. 2 is a flowchart of the timeline alignment task of the present invention.
Detailed Description
The invention provides an identity recognition method and system based on spatio-temporal correlation analysis, wherein the identity recognition system based on spatio-temporal correlation analysis comprises the following three modules:
1. The real-time traffic analysis module:
The module comprises a traffic access submodule, a data analysis submodule and a data storage submodule, connected in sequence.
As shown in FIG. 1, once the distribution device is connected, all related operations of the user, such as logging in to a pornographic network forum or publishing information, are captured. The traffic access submodule takes in the real-time traffic data of network users accessing the pornographic network and sends it to the analysis equipment. The data analysis submodule of the analysis equipment builds a classification model with a machine learning algorithm, analyses the traffic data with an analysis program and extracts online time axis information, that is, it analyses the user's online type and time points and obtains time axis data for a mobile phone number or online account. Finally, the data storage submodule stores the analysed data in a database.
The real-time traffic analysis module provides the following functions:
A1. Traffic access: domestic traffic is fed to the party's own analysis device through a shunt device;
A2. Data analysis: a classification model is built with a machine learning algorithm: data packets are grouped by network session; the length of the encrypted application-layer content of each packet is extracted; a list is built for each session group, so that each session corresponds to one length list whose order follows the order of the session's data flow; the length values are split into positive and negative and are distinguished according to an interaction mode with flow;
A3. Data storage: the analysed data is stored in a database.
2. The webpage content acquisition module: collects the content of the Internet application according to an account number or ID, extracts the time axis information in the content by webpage crawling, and packages the time axis information into a file.
The webpage content acquisition module provides the following functions:
B1. Reading a task file: monitors in real time for files sent by the time axis comparison task module and obtains the account number or ID information of the Internet application;
B2. Collecting account content: constructs an internet application template, which comprises the overall structure of the webpage DOM (document object model), the extracted attribute names and the like, and extracts the time axis information of the account according to the template;
B3. Issuing a task result file: packages the collected account time axis information into a file and sends the file to the time axis comparison module.
3. The time axis comparison task module: creates a time axis comparison task, packages the task, and sends the task file to the webpage content acquisition module.
The time axis comparison task module provides the following function:
C1. Issuing a task file: creates a time axis comparison task, packages the task information into a file, and sends the file to the webpage content acquisition module.
4. The time axis comparison module: compares the time axis information collected by the webpage content acquisition module with the time axis information obtained from real-time traffic analysis, so that the real identity information of the Internet application account or ID can be recommended and verified.
The time axis comparison module provides the following functions:
C2. Parsing the time axis file: monitors in real time for time axis result files sent by the webpage content acquisition module, parses the time axis information and packages it;
C3. Time axis comparison: compares the time axis data parsed in C2 with the time axis data obtained by the real-time traffic analysis module and recommends the matching mobile phone numbers; the higher the matching degree, the higher the ranking;
C4. Real identity association: the real identity information is stored in a database, and information such as names and identity card numbers can be obtained through the mobile phone number.
The time axis comparison task module, combined with the time axis comparison module and working together with the webpage content acquisition module, provides rapid analysis and recommendation of the real identities of one or more internet forum virtual identity targets in the environment.
The identification method of the identity recognition system based on spatio-temporal correlation analysis comprises the following steps:
S1: the real-time traffic analysis module feeds network traffic to the analysis equipment through the shunt equipment; the traffic data is analysed with an analysis program, online time axis information is extracted, and the analysed data is stored in a database;
S2: the time axis comparison task module creates a time axis comparison task, packages the task information into a file and delivers the file to the webpage content acquisition module;
S3: the webpage content acquisition module monitors in real time for files sent by the time axis comparison task module and obtains the account number or ID information of the Internet application;
S4: the webpage content acquisition module constructs an internet application template, extracts the time axis information of the account according to the template, packages the collected time axis information into a file and sends the file to the time axis comparison module;
S5: the time axis comparison module analyses and compares the time axis result files and performs real identity association according to the matching degree.
Wherein,
step S2 comprises the following steps:
S21: the time axis comparison task module initializes, monitors the task result file directory and reads files modified under that directory;
S22: the time axis comparison task module creates a time axis comparison task, fills in the account information of the network forum and stores it in a database;
S23: the time axis comparison task module encapsulates the task and issues a task file whose content comprises the task id and the account information of the network forum.
Step S3 comprises the following steps:
S31: the webpage content acquisition module initializes, monitors the task file directory and reads files that have changed under that directory;
S32: the webpage content acquisition module obtains a new task file, creates a task thread, parses the task content and obtains information such as the network application type and the account number;
S33: the internet forum is accessed through a headless browser and logged in to with an account applied for in advance.
Step S4 comprises the following steps:
S41: the home page address of the account in the task is accessed through the headless browser and the page content is crawled;
S42: the collected page content is parsed and information such as published content and time points is extracted;
S43: the extracted information is encapsulated into a task result file and issued to the time axis comparison module.
Step S5 comprises the following steps:
S51: the time axis comparison module obtains and parses the result file and stores the time axis information in a database;
S52: the comparison task starts: using the time axis information obtained from the result file, the database is queried for the data obtained by the analysis module (the analysis module has stored the mobile phone numbers and the related operation time points in the database beforehand); if data is found, the mobile phone numbers that may be related to the account in the task are extracted and stored in the database;
S53: after the comparison task completes, the number of occurrences of each mobile phone number is counted; the more occurrences, the higher the degree of association between that mobile phone number and the account in the task, and the mobile phone number is recommended;
S54: the real identity library is associated, and information such as the user name and identity card number is obtained through the mobile phone number.
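The counting described in S52 and S53, run on constructed data as an added example that is not part of the patent, shows how weak the occurrence count is as evidence: a subscriber who merely browses the same forum accumulates matches too, and the result depends on the matching tolerance. The tolerance `window_s`, the opaque subscriber labels, the data layout and all function names are assumptions; the patent states no tolerance.

```python
from bisect import bisect_left, bisect_right
from collections import Counter

# Constructed sample data (not from the patent). Times are seconds on one clock.
# Public post times as extracted from the account's page (S42).
POSTS = [1000, 5000, 9000, 13000, 17000]

# (time, subscriber) rows as the traffic side would have stored them before S52.
# "sub-A" is the account holder; the others only browse the same forum.
TRAFFIC = [
    (998, "sub-A"), (4998, "sub-A"), (8998, "sub-A"),
    (12998, "sub-A"), (16998, "sub-A"),
    (1001, "sub-D"), (5002, "sub-D"), (9001, "sub-D"),
    (14000, "sub-D"), (18000, "sub-D"),
    (1003, "sub-B"), (9010, "sub-B"), (20000, "sub-B"),
    (4990, "sub-C"), (30000, "sub-C"),
]


def rank_candidates(post_times, traffic, window_s):
    """Count, per subscriber, how many posts have a traffic event within
    +/- window_s (the S52 lookup), then rank by that count (S53)."""
    events = sorted(traffic)
    times = [t for t, _ in events]
    counts = Counter()
    for post in post_times:
        lo = bisect_left(times, post - window_s)
        hi = bisect_right(times, post + window_s)
        # A subscriber scores at most once per post, however many of its
        # events fall inside the window.
        for sub in {s for _, s in events[lo:hi]}:
            counts[sub] += 1
    # Deterministic order: highest count first, ties broken by label.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def lead(ranking):
    """Lead of the top candidate over the runner-up; 0 means the count
    does not single anyone out."""
    if not ranking:
        return 0
    if len(ranking) == 1:
        return ranking[0][1]
    return ranking[0][1] - ranking[1][1]


def lead_by_post_count(post_times, traffic, window_s):
    """Lead after the first 1, 2, ... posts: how much public activity is
    needed before the count separates one subscriber from bystanders."""
    return [
        lead(rank_candidates(post_times[:k], traffic, window_s))
        for k in range(1, len(post_times) + 1)
    ]


if __name__ == "__main__":
    # Tight tolerance: the poster leads, but only from the fourth post on.
    print(rank_candidates(POSTS, TRAFFIC, 30))
    print(lead_by_post_count(POSTS, TRAFFIC, 30))
    # Loose tolerance: a bystander ties with the poster, so the "most
    # occurrences" rule would recommend either one.
    print(rank_candidates(POSTS, TRAFFIC, 3600))
```

With the 30-second tolerance the bystander `sub-D` still matches three of five posts; with a one-hour tolerance it ties with the account holder, so the count alone cannot separate them.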
The identity recognition method based on time-space correlation analysis can effectively and rapidly analyse and recommend the real identity (name, telephone number, certificate information and the like) of one or more network forum virtual identity targets in the environment; it is covert and cannot be discovered by network users.

Claims (9)

1. An identity recognition method based on spatio-temporal correlation analysis, comprising the following steps:
S1: the real-time traffic analysis module feeds network traffic to the analysis equipment through the shunt equipment; the traffic data is analysed with an analysis program, online time axis information is extracted by webpage crawling, and the analysed data is stored in a database;
S2: the time axis comparison task module creates a time axis comparison task, packages the task information into a file and delivers the file to the webpage content acquisition module;
S3: the webpage content acquisition module monitors in real time for files sent by the time axis comparison task module and obtains the account number or ID information of the Internet application;
S4: the webpage content acquisition module constructs an internet application template, extracts the time axis information of the account according to the template, packages the collected time axis information into a file and sends the file to the time axis comparison module;
S5: the time axis comparison module analyses and compares the time axis result files and performs real identity association according to the matching degree.
2. The method of claim 1, wherein step S2 comprises the following steps:
S21: the time axis comparison task module initializes, monitors the task result file directory and reads files modified under that directory;
S22: the time axis comparison task module creates a time axis comparison task, fills in the account information of the network forum and stores it in a database;
S23: the time axis comparison task module encapsulates the task and issues a task file whose content comprises the task id and the account information of the network forum.
3. The method of claim 1, wherein step S3 comprises the following steps:
S31: the webpage content acquisition module initializes, monitors the task file directory and reads files that have changed under that directory;
S32: the webpage content acquisition module obtains a new task file, creates a task thread, parses the task content and obtains information such as the network application type and the account number;
S33: the internet forum is accessed through a headless browser and logged in to with an account applied for in advance.
4. The method of claim 1, wherein step S4 comprises the following steps:
S41: the home page address of the account in the task is accessed through the headless browser and the page content is crawled;
S42: the collected page content is parsed and information including published content and time points is extracted;
S43: the extracted information is encapsulated into a task result file and issued to the time axis comparison module.
5. The method of claim 1, wherein step S5 comprises the following steps:
S51: the time axis comparison module obtains and parses the result file and stores the time axis information in a database;
S52: the comparison task starts: using the time axis information obtained from the result file, the database is searched for the data obtained by analysis of the quick message module; if data is found, the mobile phone numbers that may be related to the account in the task are extracted and stored in the database;
S53: after the comparison task completes, the number of occurrences of each mobile phone number is counted; the more occurrences, the higher the degree of association between that mobile phone number and the account in the task, and the mobile phone number is recommended;
S54: the real identity library is associated, and information such as the user name and identity card number is obtained through the mobile phone number.
6. The method of claim 1, wherein in step S4 the internet application template comprises the overall structure of the web document object model and the extracted attribute names.
7. The method of claim 5, wherein before step S52 is performed the parsing module has already stored the mobile phone numbers and the related operation time points in the database.
8. An identity recognition system based on spatiotemporal correlation analysis, characterized in that the system comprises the following modules:
1) The real-time traffic analysis module: feeds the intrinsic traffic to an analysis device through a shunt device, builds a classification model with a machine learning algorithm, extracts time axis data, and stores the analysed data in a database;
2) The webpage content acquisition module: collects the content of the Internet application according to the account number or ID, extracts the time axis information in the content through a collection template, and packages the time axis information into a file;
3) The time axis comparison task module: creates a time axis comparison task, packages the task, and sends the task file to the webpage content acquisition module;
4) The time axis comparison module: compares the time axis information collected by the webpage content acquisition module with the time axis information obtained from real-time traffic analysis, recommends the real identity information of the Internet application account or ID, and verifies the identity.
9. The identification system based on spatiotemporal correlation analysis of claim 8, wherein the real-time traffic analysis module comprises a traffic access submodule, a data analysis submodule and a data storage submodule, connected in sequence.
Application CN201911101592.5A (priority date 2019-11-12, filing date 2019-11-12): Identification method and system based on time-space correlation analysis. Status: Active.

Publications (2)

Publication Number | Publication Date
CN110855663A | 2020-02-28
CN110855663B | 2021-12-14
