CN113014454A - SSLTLS protocol-based user agent identification and quantity detection method - Google Patents
- Publication number
- CN113014454A
- Authority
- CN
- China
- Prior art keywords
- user agent
- tls
- ssl
- session
- agent identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/30—Types of network names
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an SSL/TLS protocol-based user agent identification and quantity detection method, which comprises an SSL/TLS traffic acquisition module, a user agent identification module and a user agent quantity detection module, and comprises the following steps: S1, SSL/TLS traffic acquisition: the monitored traffic is acquired through the SSL/TLS traffic acquisition module, and the SSL/TLS traffic is identified; S2, user agent identification: the input is passive traffic. The method relates to the technical field of network information security. It constructs the user agent identifier from SSL/TLS traffic; compared with extracting the user agent identifier from plaintext network traffic through deep packet inspection, it applies to a wider range of user agents, namely all user agents that use SSL/TLS encrypted traffic, and can process SSL/TLS encrypted traffic. The number of user agents present is judged by the number of Session Tickets that exist simultaneously in the Session Ticket sequence corresponding to the same user agent identifier.
Description
Technical Field
The invention relates to the technical field of network information security, in particular to a user agent identification and quantity detection method based on an SSLTLS protocol.
Background
The user agent:
A user agent is a program, a software agent, that acts on behalf of a user. For example, a web browser is a "user agent that helps a user to obtain, render, and interact with web content"; an e-mail client is a user agent that helps a user to edit, send and receive mail. Similarly, for a common IM tool such as WeChat, the Windows client, Android client, iOS client and Web client can all be regarded as user agents through which users use the WeChat service.
In application layer protocols such as HTTP, SIP and SMTP/NNTP, when a user agent makes a request to a server it attaches a field named "User Agent" that identifies information such as the model and version of the user agent, i.e., a user agent identifier. For most other services, such as FTP, Telnet and NFS, the user agents do not attach model or version information. In addition, for network security reasons more and more user agents encrypt their data with the SSL/TLS protocol, so in many cases the user agent identifier cannot be obtained from plaintext network traffic through deep packet inspection.
JA3 fingerprint:
A JA3 fingerprint is the MD5 hash of fields such as the cipher suites and extensions in the Client Hello message. Different user agents use the SSL/TLS protocol in different ways, because a programmer building on an open-source library such as OpenSSL is free to choose which cipher suites to use and which extensions to enable, as long as the SSL/TLS standard is met.
The cipher suites, extension fields and other information that make up the JA3 fingerprint are carried in the Client Hello message sent by the user agent, and form a basis for distinguishing different user agents.
SSL/TLS Session Ticket:
SSL/TLS Session Ticket is an SSL/TLS session resumption mechanism. In the SSL/TLS handshake phase, a user agent can attach a Session Ticket to the Client Hello message. The Session Ticket contains information such as the session key of the previous SSL/TLS connection, encrypted with the server's dedicated key (STEK); it is used to try to resume the previous TLS connection and so reduce the time needed to establish the TLS connection.
Because an SSL/TLS Session Ticket contains random components, whenever the same Session Ticket value appears again in SSL/TLS traffic, SSL/TLS session resumption is taking place. The lifetime of an SSL/TLS session can be inferred from the time difference between the first and last appearance of the same Session Ticket in the SSL/TLS traffic, and the invention provides a method for detecting the number of identical user agents based on the lifetime of the SSL/TLS session.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a user agent identification and quantity detection method based on SSLTLS protocol, which solves the problem that the user agent using SSL/TLS protocol to encrypt flow is difficult to generate proper identification.
(II) technical scheme
In order to achieve the purpose, the invention is realized by the following technical scheme: a SSLTLS protocol-based user agent identification and quantity detection method comprises an SSL/TLS flow acquisition module, a user agent identification module and a user agent quantity detection module, and comprises the following steps:
S1, SSL/TLS traffic acquisition: the monitored traffic is acquired through the SSL/TLS traffic acquisition module, and the SSL/TLS traffic is identified;
S2, user agent identification: the input is passive traffic, and a user agent identifier, namely the triple of JA3 fingerprint, server domain name and server IP, is extracted from the TLS Client Hello messages of the passive traffic;
S3, user agent number detection: first, the user agent identifier and the Session Ticket value in the Session Ticket extension field are extracted from each TLS Client Hello message, the timestamp at which each Client Hello message reaches the analysis module is recorded, and a timestamped Session Ticket sequence is constructed for each user agent identifier;
then the Session Ticket sequence of each user agent is analyzed to find the lifetime of each Session Ticket, namely the time from the first occurrence to the last occurrence of the same Session Ticket;
finally, for each time point in the Session Ticket sequence, the number of Session Tickets whose lifetime includes that time point is calculated, and this value is the number of user agents existing at that time point.
Further, the SSL/TLS traffic obtained in step S1 is used as the input traffic to be processed by the user agent identifier and the user agent number detection module.
Further, the passive traffic in the step S2 is the identified SSL/TLS traffic in the step S1.
Further, in step S2, the JA3 fingerprint is the MD5 hash of the concatenated decimal strings of the SSL/TLS protocol version number, each Supported Group in the Supported Groups extension field, and each EC Point Format in the EC Point Formats extension field of the SSL/TLS Client Hello message.
Further, the server domain name (Server Name) in step S2 is the content of the Server Name Indication extension field in the Client Hello message.
Further, the user agent identification in step S2 applies to all user agents that use SSL/TLS encrypted traffic, and can process SSL/TLS encrypted traffic.
Further, in step S3, the user agent may use the same TLS session to initiate TLS connection requests multiple times, that is, send multiple Client Hello messages; these Client Hello messages all carry a Session Ticket, and the Session Tickets have the same value. The network behavior of the user agent thus forms a Session Ticket sequence.
Further, the Session Ticket lifetime in step S3 is the period between the first and last occurrences of a Session Ticket in the Session Ticket sequence.
Furthermore, the SSL/TLS flow needs to be used in the process of data transmission, the server and installation equipment thereof are required to be used, the installation equipment comprises a mounting frame and a server body, a mounting groove is formed in the bottom of the mounting frame, a radiating groove and a through hole are formed in the mounting frame, a connecting groove is formed in the top of the mounting frame, a radiating fan is fixedly connected to one side of the mounting frame, the input end of the radiating fan is mutually communicated with the inside of the radiating groove, a ventilation cover is arranged on the inner surface of the connecting groove, a connecting pipe is fixedly connected to the bottom of the ventilation cover, a drainage cover is fixedly connected to the inner surface of the ventilation cover, a filter screen cover is fixedly connected to the top of the drainage cover, the inside of the filter screen cover is mutually communicated with the inside of the drainage cover, a rotating cover is rotatably connected to the top of the, the surface of the cleaning brush plate is matched with the outer surface of the filter screen cover, and the inner surface of the ventilation cover is fixedly connected with a baffle.
Further, the inside of radiating groove passes through the through-hole with the inside of mounting groove communicates with each other, the inside of spread groove with the inside of mounting groove communicates with each other, the surface mounting of server body in the inboard of mounting groove.
(III) advantageous effects
The invention has the following beneficial effects:
(1) According to the SSL/TLS protocol-based user agent identification and quantity detection method, a triple consisting of the JA3 fingerprint, the server domain name and the server IP is used as the identifier of a user agent, so that the user agent identifier is constructed from SSL/TLS traffic.
(2) According to the SSL/TLS protocol-based user agent identification and quantity detection method, the Client Hello messages of a user agent carry Session Tickets with the same value, so the network behavior of the user agent forms a Session Ticket sequence, and the number of user agents present can be judged from the number of Session Tickets that exist at the same time in the Session Ticket sequence corresponding to the same user agent identifier.
Of course, it is not necessary for any product practicing the invention to achieve all of the above-described advantages simultaneously.
Drawings
FIG. 1 is a general framework diagram of a SSL/TLS protocol-based user agent identification and quantity detection method provided by the present invention;
FIG. 2 is the contents of Session Ticket in the Session Ticket extension field in the SSL/TLS Client Hello message provided by the present invention;
FIG. 3 is a schematic structural diagram of the installation device of the server used with the SSL/TLS protocol-based user agent identification and quantity detection method provided by the present invention;
FIG. 4 is a schematic view of the structure of the portion of the ventilation hood of FIG. 3 according to the present invention;
FIG. 5 is an enlarged view of portion A of FIG. 4 in accordance with the present invention;
In the figures: 1-a mounting frame, 11-a mounting groove, 12-a radiating groove, 13-a through hole, 14-a connecting groove, 2-a server body, 3-a radiating fan, 4-a ventilating hood, 41-a connecting pipe, 5-a drainage hood, 51-a filter screen cover, 6-a rotating hood, 61-a cleaning brush plate and 7-a baffle plate.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "opening," "upper," "lower," "thickness," "top," "middle," "length," "inner," "peripheral," and the like are used in an orientation or positional relationship that is merely for convenience in describing and simplifying the description, and do not indicate or imply that the referenced component or element must have a particular orientation, be constructed and operated in a particular orientation, and thus should not be considered as limiting the present invention.
Referring to fig. 1-5, an embodiment of the present invention provides a technical solution: a SSLTLS protocol-based user agent identification and quantity detection method comprises an SSL/TLS flow acquisition module, a user agent identification module and a user agent quantity detection module, and comprises the following steps:
S1, SSL/TLS traffic acquisition: the monitored traffic is acquired through the SSL/TLS traffic acquisition module, and the SSL/TLS traffic is identified;
S2, user agent identification: the input is passive traffic, and a user agent identifier, namely the triple of JA3 fingerprint, server domain name and server IP, is extracted from the TLS Client Hello messages of the passive traffic;
S3, user agent number detection: first, the user agent identifier and the Session Ticket value in the Session Ticket extension field are extracted from each TLS Client Hello message, the timestamp at which each Client Hello message reaches the analysis module is recorded, and a timestamped Session Ticket sequence is constructed for each user agent identifier;
then the Session Ticket sequence of each user agent is analyzed to find the lifetime of each Session Ticket, namely the time from the first occurrence to the last occurrence of the same Session Ticket;
finally, for each time point in the Session Ticket sequence, the number of Session Tickets whose lifetime includes that time point is calculated, and this value is the number of user agents existing at that time point.
The SSL/TLS traffic obtained in step S1 is used as the input traffic to be processed by the user agent identifier and the user agent number detection module.
The passive traffic in the step S2 is the identified SSL/TLS traffic in the step S1.
The JA3 fingerprint in step S2 is the MD5 hash of the concatenated decimal strings of each Cipher Suite, each extension type number, each Supported Group in the Supported Groups extension field, and each EC Point Format in the EC Point Formats extension field of the SSL/TLS Client Hello message.
The server domain name (Server Name) in step S2 is the content of the Server Name Indication extension field in the Client Hello message.
The user agent identification in step S2 applies to all user agents that use SSL/TLS encrypted traffic, and can process SSL/TLS encrypted traffic.
In step S3, the user agent may use the same TLS session to initiate TLS connection requests multiple times, that is, send multiple Client Hello messages; these Client Hello messages all carry a Session Ticket, and the Session Tickets have the same value. The network behavior of the user agent thus forms a Session Ticket sequence.
The Session Ticket lifetime in step S3 is the period between the first and last occurrences of a Session Ticket in the Session Ticket sequence.
In user agent identification based on SSL/TLS traffic, the service domain name or service IP accessed by a typical user agent is usually fixed, and different kinds of user agents access different service domain names or service IPs: for example, the server domain name accessed by the paupul application differs from the server domain name accessed by the WeChat application;
a special case is the browser, which can access any domain name on the Internet. A browser can be regarded as containing many kinds of user agents: when it accesses the service behind a particular domain name, it is treated as a user agent "dedicated" to that domain name.
The invention uses the triple composed of the JA3 fingerprint, the server domain name and the server IP as the user agent identifier. This method constructs the user agent identifier from SSL/TLS traffic; compared with extracting the user agent identifier from plaintext network traffic by deep packet inspection, it applies to a wider range of user agents, namely all user agents that use SSL/TLS encrypted traffic, and can process SSL/TLS encrypted traffic.
From the set of user agent identifiers obtained from the SSL/TLS traffic, an SSL/TLS Session Ticket sequence is constructed for each user agent identifier, and the number of identical user agents in the monitored traffic within the same time window is judged from that Session Ticket sequence.
In the SSL/TLS Session Ticket-based user agent number detection method, a user agent can in general use the same TLS session to initiate TLS connection requests multiple times, that is, send multiple Client Hello messages; these Client Hello messages all carry a Session Ticket, and the Session Tickets have the same value. The network behavior of the user agent therefore forms a Session Ticket sequence, and the number of user agents present can be judged from the number of Session Tickets that exist at the same time in the Session Ticket sequence corresponding to the same user agent identifier.
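Steps S2 and S3 can be exercised on a handful of already-parsed Client Hello records. The following Python is an added example, not code from the patent: the `Hello` record layout, the function names and the sample traffic are constructed for illustration, and the GREASE filtering follows the reference JA3 implementation rather than anything stated in the patent text.

```python
import hashlib
from collections import defaultdict, namedtuple

# One parsed Client Hello as seen by the analysis module (hypothetical layout).
Hello = namedtuple(
    "Hello", "ts version ciphers extensions groups point_formats sni server_ip ticket"
)


def is_grease(value):
    """GREASE placeholders (0x0a0a, 0x1a1a, ... 0xfafa) are ignored by reference JA3."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def ja3_string(h):
    """Decimal values joined with '-', the five field groups joined with ','."""
    parts = [[h.version], h.ciphers, h.extensions, h.groups, h.point_formats]
    return ",".join("-".join(str(v) for v in p if not is_grease(v)) for p in parts)


def ja3_hash(h):
    return hashlib.md5(ja3_string(h).encode("ascii")).hexdigest()


def agent_id(h):
    """Step S2: the triple (JA3 fingerprint, server domain name, server IP)."""
    return (ja3_hash(h), h.sni, h.server_ip)


def ticket_sequences(hellos):
    """Step S3, part 1: timestamped Session Ticket sequence per agent identifier."""
    seqs = defaultdict(list)
    for h in sorted(hellos, key=lambda x: x.ts):
        if h.ticket:  # a Client Hello without a ticket value adds no time point
            seqs[agent_id(h)].append((h.ts, h.ticket))
    return dict(seqs)


def ticket_lifetimes(seq):
    """Step S3, part 2: ticket -> (first occurrence, last occurrence)."""
    life = {}
    for ts, ticket in seq:
        first, _ = life.get(ticket, (ts, ts))
        life[ticket] = (first, ts)
    return life


def agents_over_time(hellos):
    """Step S3, part 3: at each time point, count tickets whose lifetime covers it."""
    out = {}
    for aid, seq in ticket_sequences(hellos).items():
        life = ticket_lifetimes(seq)
        out[aid] = [
            (ts, sum(1 for first, last in life.values() if first <= ts <= last))
            for ts in sorted({ts for ts, _ in seq})
        ]
    return out


def peak_agents(hellos):
    """Largest simultaneous count seen for each agent identifier."""
    return {aid: max(n for _, n in s) for aid, s in agents_over_time(hellos).items()}


def make_hello(ts, ticket, ciphers=(0x1A1A, 4865, 49195),
               sni="chat.example.com", ip="203.0.113.10"):
    """Build a constructed record: TLS 1.2 (771), extensions 0/10/11/35."""
    return Hello(ts, 771, list(ciphers), [0, 10, 11, 35], [29, 23], [0], sni, ip, ticket)


# Constructed sample: two devices run the same chat client (tickets "aa" and "bb"
# overlap in time); the first device later resumes with a fresh ticket "cc".
# A second application talks to another server with ticket "dd".
SAMPLE = [
    make_hello(0, "aa"), make_hello(5, "bb"), make_hello(10, "aa"),
    make_hello(15, "bb"), make_hello(20, "aa"), make_hello(25, None),
    make_hello(30, "cc"), make_hello(40, "cc"),
    make_hello(2, "dd", ciphers=(49199, 49200), sni="pay.example.net", ip="198.51.100.7"),
    make_hello(8, "dd", ciphers=(49199, 49200), sni="pay.example.net", ip="198.51.100.7"),
]

if __name__ == "__main__":
    for aid, series in agents_over_time(SAMPLE).items():
        print(aid[1], aid[2], aid[0][:8], series)
```

In TLS 1.3, resumption tickets travel in the pre_shared_key extension and RFC 8446 advises clients against reusing a ticket across connections, so repeated ticket values of the kind counted here are mainly a TLS 1.2 signal.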
The SSL/TLS flow needs to be used in the process of data transmission, the server and the installation equipment thereof are required to be used, the installation equipment comprises an installation frame 1 and a server body 2, an installation groove 11 is formed in the bottom of the installation frame 1, a heat dissipation groove 12 and a through hole 13 are formed in the installation frame 1, a connection groove 14 is formed in the top of the installation frame 1, a heat dissipation fan 3 is fixedly connected to one side of the installation frame 1, the input end of the heat dissipation fan 3 is mutually communicated with the inside of the heat dissipation groove 12, a ventilation hood 4 is arranged on the inner surface of the connection groove 14, a connecting pipe 41 is fixedly connected to the bottom of the ventilation hood 4, a drainage hood 5 is fixedly connected to the inner surface of the ventilation hood 4, a filter screen cover 51 is fixedly connected to the top of the drainage hood 5, the inside of the filter screen cover 51 is mutually communicated with the inside, the bottom fixedly connected with of rotatory cover 6 cleans brush board 61, the surface of cleaning brush board 61 with filter screen panel 51's surface looks adaptation, the internal surface fixedly connected with baffle 7 of draft hood 4.
The bottom is provided with supporting platform when mounting bracket 1 uses for support and spacing to server body 2, adopt the screw fixation together between the bottom of mounting bracket 1 and the supporting platform simultaneously, in order to make things convenient for server body 2 to install in the inside of mounting groove 11.
The heat dissipation groove 12 is of an annular structure and is positioned on the outer side of the mounting groove 11, the heat dissipation groove 12 is communicated with the inside of the mounting groove 11 through the through hole 13, heat generated by the server is conveniently discharged into the heat dissipation groove 12, and after the heat dissipation fan 3 is started, the outward flowing of gas in the heat dissipation groove 12 is accelerated, so that the heat dissipation of the server body is accelerated;
the internal surface of spread groove 14 is internal thread structure, the surface of connecting pipe 41 is the structure of external screw thread, the surface of connecting pipe 41 is through external screw thread structure convenient to install on the internal thread structure of spread groove 14, thereby make things convenient for the installation and the dismantlement of draft hood 4, the inboard of draft hood 4 is provided with arc structure's drainage cover 5, fixed mounting has filter screen panel 51 on the drainage cover 5, filter screen panel 51 filters the air that gets into, the dust after the filtration is cleaned and is maintained through rotatable regulation's rotatory cover 6 and clearance brush board 61 convenience to filter screen panel 51's surface, the dust after the clearance is conveniently concentrated to be collected to the below of baffle 7 through curved drainage cover 5, baffle 7 can the effectual influence that reduces the air that the top flows and collect the dust below, guarantee ventilation stability.
The inside of the heat dissipation groove 12 is communicated with the inside of the mounting groove 11 through the through hole 13, the inside of the connection groove 14 is communicated with the inside of the mounting groove 11, and the surface of the server body 2 is installed on the inner side of the mounting groove 11.
The through hole 13 facilitates the temperature inside the mounting groove 11 to be transferred to the inside of the heat dissipation groove 12, and guarantees are provided for heat dissipation and ventilation.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise embodiments disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.
Claims (10)
1. A SSLTLS protocol-based user agent identification and quantity detection method comprises an SSL/TLS flow acquisition module, a user agent identification module and a user agent quantity detection module, and is characterized in that: the method comprises the following steps:
S1, SSL/TLS traffic acquisition: the monitored traffic is acquired through the SSL/TLS traffic acquisition module, and the SSL/TLS traffic is identified;
S2, user agent identification: the input is passive traffic, and a user agent identifier, namely the triple of JA3 fingerprint, server domain name and server IP, is extracted from the TLS Client Hello messages of the passive traffic;
S3, user agent number detection: first, the user agent identifier and the Session Ticket value in the Session Ticket extension field are extracted from each TLS Client Hello message, the timestamp at which each Client Hello message reaches the analysis module is recorded, and a timestamped Session Ticket sequence is constructed for each user agent identifier;
then the Session Ticket sequence of each user agent is analyzed to find the lifetime of each Session Ticket, namely the time from the first occurrence to the last occurrence of the same Session Ticket;
finally, for each time point in the Session Ticket sequence, the number of Session Tickets whose lifetime includes that time point is calculated, and this value is the number of user agents existing at that time point.
2. The SSLTLS protocol based user agent identification and quantity detection method according to claim 1, wherein: the SSL/TLS traffic obtained in step S1 is used as the input traffic to be processed by the user agent identifier and the user agent number detection module.
3. The SSLTLS protocol based user agent identification and quantity detection method according to claim 1, wherein: the passive traffic in the step S2 is the identified SSL/TLS traffic in the step S1.
4. The SSLTLS protocol based user agent identification and quantity detection method according to claim 1, wherein: the JA3 fingerprint in step S2 is the MD5 hash of the concatenated decimal strings of each Cipher Suite, each extension type number, each Supported Group in the Supported Groups extension field, and each EC Point Format in the EC Point Formats extension field of the SSL/TLS Client Hello message.
5. The SSLTLS protocol based user agent identification and quantity detection method according to claim 1, wherein: the Server Name in the step S2 is the content of the Server Name Indication extension field in the Client Hello message.
6. The SSLTLS protocol based user agent identification and quantity detection method according to claim 1, wherein: the user agent identification in step S2 applies to all user agents that use SSL/TLS encrypted traffic, and can process SSL/TLS encrypted traffic.
7. The SSLTLS protocol based user agent identification and quantity detection method according to claim 1, wherein: in step S3, the user agent may use the same TLS session to initiate TLS connection requests multiple times, that is, send multiple Client Hello messages; these Client Hello messages all carry a Session Ticket, and the Session Tickets have the same value. The network behavior of the user agent thus forms a Session Ticket sequence.
8. The SSLTLS protocol based user agent identification and quantity detection method according to claim 1, wherein: the Session Ticket lifetime in step S3 is the period between the first and last occurrences of a Session Ticket in the Session Ticket sequence.
9. The SSLTLS protocol based user agent identification and quantity detection method according to claim 1, wherein: the SSL/TLS flow needs to be used in a server and installation equipment thereof in the data transmission process, the installation equipment comprises an installation frame (1) and a server body (2), an installation groove (11) is formed in the bottom of the installation frame (1), a radiating groove (12) and a through hole (13) are formed in the installation frame (1), a connecting groove (14) is formed in the top of the installation frame (1), a radiating fan (3) is fixedly connected to one side of the installation frame (1), the input end of the radiating fan (3) is communicated with the inside of the radiating groove (12), a ventilation hood (4) is arranged on the inner surface of the connecting groove (14), a connecting pipe (41) is fixedly connected to the bottom of the ventilation hood (4), a drainage hood (5) is fixedly connected to the inner surface of the ventilation hood (4), and a mesh enclosure (51) is fixedly connected to the top of the drainage hood (5), the inside of filtering net cover (51) with the inside of drainage cover (5) communicates each other, the top of filtering net cover (51) is rotated and is connected with rotatory cover (6), the bottom fixedly connected with of rotatory cover (6) clears up brush board (61), the surface of clearance brush board (61) with the surface looks adaptation of filtering net cover (51), the internal surface fixed connection of ventilation hood (4) has baffle (7).
10. The method of claim 9, wherein the method for detecting the number and identity of the user agents based on the SSLTLS protocol comprises: the inside of radiating groove (12) passes through-hole (13) with the inside of mounting groove (11) communicates with each other, the inside of spread groove (14) with the inside of mounting groove (11) communicates with each other, the surface mounting of server body (2) in the inboard of mounting groove (11).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110247029.XA CN113014454B (en) | 2021-03-05 | 2021-03-05 | SSL and TLS protocol-based user agent identification and quantity detection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110247029.XA CN113014454B (en) | 2021-03-05 | 2021-03-05 | SSL and TLS protocol-based user agent identification and quantity detection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113014454A (en) | 2021-06-22 |
CN113014454B (en) | 2022-06-14 |
Family
ID=76407319
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110247029.XA Active CN113014454B (en) | 2021-03-05 | 2021-03-05 | SSL and TLS protocol-based user agent identification and quantity detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113014454B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114172645A (en) * | 2021-12-06 | 2022-03-11 | 北京天融信网络安全技术有限公司 | Communication bypass auditing method and device, electronic equipment and storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1972306A (en) * | 2006-12-01 | 2007-05-30 | 浙江大学 | Implementation method of secure socket layer protocol secure proxy multiple authentication |
CN103856524A (en) * | 2012-12-04 | 2014-06-11 | 中山大学深圳研究院 | Method and system for identifying legal content on basis of white list of user agent |
CN108737328A (en) * | 2017-04-14 | 2018-11-02 | 新浪网技术(中国)有限公司 | A kind of browser client acts on behalf of recognition methods, system and device |
US20190116205A1 (en) * | 2017-10-16 | 2019-04-18 | International Business Machines Corporation | Quick Transport Layer Security/Secure Sockets Layer Connection for Internet of Things Devices |
CN109802928A (en) * | 2017-11-17 | 2019-05-24 | 中兴通讯股份有限公司 | A kind of SSL/TLS Proxy Method, device, equipment and storage medium |
CN110622482A (en) * | 2017-06-01 | 2019-12-27 | 国际商业机器公司 | No cache session ticket support in TLS inspection |
US20200162432A1 (en) * | 2018-11-16 | 2020-05-21 | Akamai Technologies, Inc. | Systems and methods for proxying encrypted traffic to protect origin servers from internet threats |
CN111464485A (en) * | 2019-01-22 | 2020-07-28 | 北京金睛云华科技有限公司 | Encrypted proxy flow detection method and device |
Non-Patent Citations (3)
Title |
---|
KARTHIKEYAN BHARGAVAN et al.: "Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS", 2014 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 20 November 2014 (2014-11-20), pages 98 - 113 * |
MRPRE: "TLS/SSL Protocol Explained (22): Session Resumption", CSDN Blog, 8 September 2017 (2017-09-08) * |
张先勇: "Design of a Mobile Application Traffic Identification System Based on a Gain-Factor Weighted Feature Extraction Algorithm", China Master's Theses Full-text Database, 15 December 2020 (2020-12-15), pages 139 - 41 * |
Also Published As
Publication number | Publication date |
---|---|
CN113014454B (en) | 2022-06-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7917647B2 (en) | Method and apparatus for rate limiting | |
US9197527B2 (en) | Network appliance for monitoring network requests for multimedia content | |
TW470879B (en) | Information security analysis system | |
Claise | Cisco systems netflow services export version 9 | |
US7047288B2 (en) | Automated generation of an english language representation of a formal network security policy specification | |
US7877804B2 (en) | Comprehensive security structure platform for network managers | |
Lastovicka et al. | Passive os fingerprinting methods in the jungle of wireless networks | |
Deri et al. | Effective traffic measurement using ntop | |
CN110011973B (en) | Industrial control network access rule construction method and training system | |
US20040103315A1 (en) | Assessment tool | |
US20040015579A1 (en) | Method and apparatus for enterprise management | |
US20030061506A1 (en) | System and method for security policy | |
CN111147305A (en) | Network asset portrait extraction method | |
WO2001099349A2 (en) | Assessment tool | |
KR20040068365A (en) | Method to automatically configure network routing device | |
CN113014454B (en) | SSL and TLS protocol-based user agent identification and quantity detection method | |
JP2006505161A (en) | Methods for collecting user network usage data | |
Nawrocki et al. | Industrial control protocols in the Internet core: Dismantling operational practices | |
JP2006229700A (en) | Monitoring proxy service system of inter-network path information, its method and device and its program | |
JP2006221327A (en) | Computer system and storage device | |
Cisco | Cisco Intrusion Detection System Signature Engines Version 3.1 | |
Hucaby | Cisco asa, pix, and fwsm firewall handbook | |
Cisco | Release Notes for the Cisco Secure PIX Firewall Version 5.2(5) | |
Cisco | Release Notes for the Cisco Secure PIX Firewall Version 5.2(4) | |
CN114499953A (en) | Privacy information intelligent security method and device based on flow analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | ||
Address after: 571924 Room 301, 3rd floor, building A09, Hainan Ecological Software Park, Laocheng hi tech Industrial Demonstration Zone, Chengmai County, Haikou City, Hainan Province Patentee after: Jizhi (Hainan) Information Technology Co.,Ltd. Address before: 571924 Room 301, 3rd floor, building A09, Hainan Ecological Software Park, Laocheng hi tech Industrial Demonstration Zone, Chengmai County, Haikou City, Hainan Province Patentee before: Zhongdian Jizhi (Hainan) Information Technology Co.,Ltd. |