CN113810336A - Data message encryption determination method and device and computer equipment - Google Patents
- Publication number
- CN113810336A
- Authority
- CN
- China
- Prior art keywords
- array
- data
- messages
- encrypted
- information entropy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a data message encryption determination method, a data message encryption determination device and computer equipment, wherein the method comprises the following steps: acquiring a plurality of messages transmitted by the tested equipment; sequentially extracting the data of the nth unit of each of the plurality of messages according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N; respectively calculating the information entropy of each array according to the message data in each array; and determining whether the plurality of messages are encrypted according to the information entropy of each array. The method uses the randomness of encrypted messages to judge whether the data messages are encrypted. Because encrypted messages have strong data randomness, after the encrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very large, while after unencrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very small. Through this characteristic, whether the messages are encrypted can be determined simply and quickly.
Description
Technical Field
The invention relates to the technical field of industrial control, in particular to a data message encryption determination method, a data message encryption determination device and computer equipment.
Background
At present, with the continuous cross fusion of industrialization and informatization processes, more and more information technologies are applied to the industrial field. Meanwhile, as the industrial control system widely adopts general software and hardware and network facilities and is integrated with an enterprise management information system, the industrial control system is more and more open and generates data exchange with an enterprise intranet or even the internet, and therefore, in order to guarantee the safe and stable operation of the industrial control equipment, industrial control vulnerability mining is started for the industrial control equipment so as to detect whether the industrial control equipment is vulnerable or not.
For vulnerability mining of industrial control equipment, the relatively authoritative Achilles test method of Wurldtech is mainly used to carry out vulnerability mining on the industrial control protocol of the industrial control equipment. At present, vulnerability mining methods applied to the industrial control protocols of industrial control equipment are classified into generation-based and variation-based (mutation-based) methods. A variation-based method is carried out after packet capture and analysis under normal traffic, but it is not applicable to encrypted messages. When the existing vulnerability mining technology tests messages, it still performs mining on encrypted messages, so processing resources are wasted and the overall mining test efficiency is affected.
Disclosure of Invention
In view of this, in order to overcome the defects that the existing vulnerability mining method based on variation cannot screen whether a message is encrypted or not, so that the vulnerability mining process still mines the encrypted message, thereby wasting processing resources and affecting the overall mining test efficiency, embodiments of the present invention provide a data message encryption determination method, apparatus, and computer device.
According to a first aspect, an embodiment of the present invention provides a data message encryption determination method, including: acquiring a plurality of messages transmitted by the tested equipment; sequentially extracting the data of the nth unit of each of the plurality of messages according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N; respectively calculating the information entropy of each array according to the message data in each array; and determining whether the plurality of messages are encrypted according to the information entropy of each array.
Optionally, the step of calculating the information entropy of each array according to the message data in each array includes: counting the probability of data occurrence of each unit in each array; and respectively calculating the information entropy of each array according to the probability.
Optionally, the information entropy of each array is calculated by the following formula:
$$H(x) = -\sum P(x_i)\,\log_2 P(x_i) \quad (i = 1, 2, \ldots, N),$$
where $H(x)$ is the information entropy of the array, $P(x_i)$ is the probability of the data of the unit $x_i$ in the array, the value range of $x_i$ is 1 to M, M is the size of the array, and N is the total number of unit data of the message with the minimum length.
Optionally, determining whether the multiple packets are encrypted according to the information entropy of each array includes: judging whether the information entropy of each array is larger than a preset threshold value; and if the information entropy of each array is larger than a preset threshold value, determining that the plurality of messages are encrypted.
Optionally, if the information entropies of the arrays are not all greater than the preset threshold, determining that the multiple messages are not encrypted.
According to a second aspect, an embodiment of the present invention provides a data message encryption determination apparatus, including: an acquisition module, used for acquiring a plurality of messages transmitted by the tested equipment; an extraction module, used for sequentially extracting the data of the nth unit of each of the plurality of messages according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N; a calculation module, used for respectively calculating the information entropy of each array according to the message data in each array; and a determining module, used for determining whether the plurality of messages are encrypted according to the information entropy of each array.
Optionally, the computing module comprises: the statistic submodule is used for counting the probability of data occurrence of each unit in each array; and the calculating submodule is used for respectively calculating the information entropy of each array according to the probability.
Optionally, the determining module includes: the judgment submodule is used for judging whether the information entropy of each array is larger than a preset threshold value; and the determining submodule is used for determining that the plurality of messages are encrypted if the information entropy of each array is greater than a preset threshold value.
According to a third aspect, an embodiment of the present invention provides a computing device, including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by a processor, and the instructions are executed by at least one processor to cause the at least one processor to execute the method for determining encryption of data packets according to the first aspect or any embodiment of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where computer instructions are stored, and the computer instructions are configured to cause a computer to execute the data packet encryption determination method in the first aspect or any implementation manner of the first aspect.
According to the data message encryption determination method, the data message encryption determination device and the computer equipment, a plurality of messages transmitted by the tested equipment are acquired; the data of the nth unit of each of the plurality of messages is sequentially extracted according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N; the information entropy of each array is calculated according to the message data in that array; and whether the plurality of messages are encrypted is determined according to the information entropy of each array. The method uses the randomness of encrypted messages to judge whether the data messages are encrypted. Because the data of encrypted messages is strongly random, after a plurality of encrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very large. In a plurality of unencrypted messages, by contrast, each field has a fixed meaning, so its value range is limited, and after the unencrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very small. Through this characteristic, whether the plurality of messages are encrypted can be determined simply and quickly, so that encrypted messages can be screened out. This solves the problem that the existing variation-based vulnerability mining method cannot screen whether messages are encrypted, so that the vulnerability mining process still mines encrypted messages, which wastes resources and affects the overall mining test efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 shows a flowchart of a data packet encryption determination method according to an embodiment of the present invention;
Fig. 2 is a diagram illustrating the process of calculating information entropy according to an embodiment of the present invention;
Fig. 3 is a schematic diagram illustrating a determination that multiple messages are encrypted according to an embodiment of the present invention;
Fig. 4 is a schematic diagram illustrating a determination that a plurality of messages are not encrypted according to an embodiment of the present invention;
Fig. 5 is a block diagram showing a structure of a data packet encryption determination apparatus according to an embodiment of the present invention;
Fig. 6 shows a block diagram of the hardware of the computer device of an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An embodiment of the present invention provides a data message encryption determination method, as shown in fig. 1, including:
S101, acquiring a plurality of messages transmitted by the tested equipment. Specifically, one end of the testing device can be connected to the tested equipment and the other end to the upper computer; the testing device obtains the data stream sent by the upper computer to the tested equipment in order to obtain the messages, and one data stream comprises a plurality of messages. The number M of messages acquired is related to the number of bits of the message data participating in the calculation, by the relation $M < 2^B$, where B is the number of bits of the message data participating in the calculation. For example, when calculating in single-byte units, M is less than $2^8$ ($2^8 = 256$); when calculating in double-byte units, M is less than $2^{16}$ ($2^{16} = 65536$). In the embodiment of the present invention, M < 256 is taken as an example for illustration, but the invention is not limited thereto, and other values of M are also within the protection scope of the present patent application.
S102, sequentially extracting the data of the nth unit of each of the plurality of messages according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N. Specifically, the preset unit may be a byte, a double byte, or the like. In the embodiment of the present invention, a byte is taken as an example for explanation. As shown in fig. 2, in the embodiment of the present invention, the nth bytes of the plurality of messages are sequentially extracted in units of bytes and stored in an array, so that N arrays are formed in total. The value of n ranges from 1 to N, N is the total number of bytes of the message with the minimum length, and the size of each array is M.
S103, respectively calculating the information entropy of each array according to the message data in each array; specifically, as shown in fig. 2, the information entropy of each array may be calculated according to the probability of occurrence of each packet data in each array, and the information entropy of each array may be stored as an entropy array.
S104, determining whether the plurality of messages are encrypted according to the information entropy of each array. Specifically, encrypted messages have strong data randomness, so after the encrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very large. In unencrypted messages each field has a fixed meaning, so its value range is limited, and after the unencrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very small. Whether the messages are encrypted can therefore be determined through this characteristic.
The data message encryption determination method provided by the embodiment of the invention acquires a plurality of messages transmitted by the tested equipment; sequentially extracts the data of the nth unit of each of the plurality of messages according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N; calculates the information entropy of each array according to the message data in that array; and determines whether the plurality of messages are encrypted according to the information entropy of each array. The method uses the randomness of encrypted messages to judge whether the data messages are encrypted. Because the data of encrypted messages is strongly random, after a plurality of encrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very large. In a plurality of unencrypted messages, by contrast, each field has a fixed meaning, so its value range is limited, and after the unencrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very small. Through this characteristic, whether the plurality of messages are encrypted can be determined simply and quickly, so that encrypted messages can be screened out. This solves the problem that the existing variation-based vulnerability mining method cannot screen whether messages are encrypted, so that the vulnerability mining process still mines encrypted messages, which wastes resources and affects the overall mining test efficiency.
In an alternative embodiment, step S103, respectively calculating the information entropy of each array according to the packet data in each array, includes: counting the probability of data occurrence of each unit in each array; and respectively calculating the information entropy of each array according to the probability. Specifically, probability statistics is carried out on each byte data in each array, and the probability P (xi) of each byte data appearing in the corresponding array is counted, wherein the value range of xi is 1-M. And then, calculating the information entropy of each array according to the calculated probability of each byte data of each array and an information entropy calculation formula.
In an alternative embodiment, the information entropy of each array is calculated by the following formula:
$$H(x) = -\sum P(x_i)\,\log_2 P(x_i) \quad (i = 1, 2, \ldots, N),$$
where $H(x)$ is the information entropy of the array, $P(x_i)$ is the probability of the data of the unit $x_i$ in the array, the value range of $x_i$ is 1 to M, M is the size of the array, and N is the total number of unit data of the message with the minimum length.
In an alternative embodiment, step S104, determining whether multiple packets are encrypted according to the information entropy of each array includes: judging whether the information entropy of each array is larger than a preset threshold value; and if the information entropy of each array is larger than a preset threshold value, determining that the plurality of messages are encrypted. And if the information entropies of the arrays are not all larger than the preset threshold value, determining that the plurality of messages are not encrypted. Specifically, as shown in fig. 3 to 4, an entropy threshold K may be set, and when the values of all data in the entropy array are greater than K, it is determined that the data of the multiple packets are encrypted, otherwise, the packets are unencrypted.
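Steps S101 to S104 and the threshold test above, written out as an added Python example (it is not code from the patent). The function names, the threshold K = 6.0 and the sample messages (Modbus/TCP-like plaintext frames, and SHA-256 output standing in for ciphertext) are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter


def column_entropies(messages, unit=1):
    """S102 + S103: align the messages, cut them into N columns of `unit`
    bytes each, and return the information entropy (in bits) of every column."""
    m = len(messages)
    if m == 0:
        raise ValueError("no messages captured")
    # Constraint from S101: M < 2^B, B = bits per unit (M < 256 for bytes).
    if m >= 2 ** (8 * unit):
        raise ValueError("M must be smaller than 2^B for the chosen unit")
    # N is fixed by the shortest message; longer messages are truncated.
    n_units = min(len(msg) for msg in messages) // unit
    entropies = []
    for n in range(n_units):
        column = [msg[n * unit:(n + 1) * unit] for msg in messages]
        counts = Counter(column)
        # H = -sum p*log2(p), written as sum p*log2(1/p) with p = c/m.
        entropies.append(sum(c / m * math.log2(m / c) for c in counts.values()))
    return entropies


def is_encrypted(messages, threshold, unit=1):
    """S104: encrypted only if EVERY column entropy exceeds the threshold K.
    A column of M samples can never exceed log2(M) bits, so K must be chosen
    below log2(M) or the verdict is always 'not encrypted'."""
    ents = column_entropies(messages, unit)
    return bool(ents) and all(h > threshold for h in ents)


def sample_plain(count):
    """Constructed Modbus/TCP-like read requests: transaction id, protocol id,
    length, unit id, function code, start address, quantity (12 bytes)."""
    msgs = []
    for i in range(count):
        tid = i.to_bytes(2, "big")
        addr = ((i * 7) % 100).to_bytes(2, "big")
        msgs.append(tid + b"\x00\x00" + b"\x00\x06" + b"\x01\x03" + addr + b"\x00\x02")
    return msgs


def sample_cipher_like(count, length=12):
    """Constructed stand-in for ciphertext: truncated SHA-256 digests."""
    return [hashlib.sha256(b"constructed-%d" % i).digest()[:length]
            for i in range(count)]


K = 6.0  # assumed threshold; the patent leaves the value of K open

if __name__ == "__main__":
    for name, msgs in (("plain", sample_plain(200)),
                       ("cipher-like", sample_cipher_like(200))):
        ents = column_entropies(msgs)
        print(name, [round(h, 2) for h in ents], "encrypted:", is_encrypted(msgs, K))
```

The plaintext set contains one column (the low byte of the incrementing transaction id) whose entropy reaches log2(200), yet the verdict stays "not encrypted" because the constant protocol-id columns sit at 0 bits; this is why the method requires all columns to exceed K.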
An embodiment of the present invention further provides a data message encryption determining apparatus, as shown in fig. 5, including:
the acquiring module 21 is configured to acquire multiple messages transmitted by the device under test; the detailed description of the specific implementation manner is given in step S101 in the above method embodiment, and is not repeated here.
The extracting module 22 is configured to sequentially extract the data of the nth unit of each of the multiple messages according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N; the detailed description of the specific implementation manner is given in step S102 in the above method embodiment, and is not repeated here.
The calculation module 23 is configured to calculate the information entropy of each array according to the message data in each array; the detailed implementation manner is described in step S103 in the above method embodiment, and is not described herein again.
And the determining module 24 is configured to determine whether the multiple messages are encrypted according to the information entropy of each array. The detailed description of the specific implementation manner is given in step S104 in the above method embodiment, and is not repeated here.
The data message encryption determination device provided by the embodiment of the invention acquires a plurality of messages transmitted by the tested equipment; sequentially extracts the data of the nth unit of each of the plurality of messages according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N; calculates the information entropy of each array according to the message data in that array; and determines whether the plurality of messages are encrypted according to the information entropy of each array. It uses the randomness of encrypted messages to judge whether the data messages are encrypted. Because the data of encrypted messages is strongly random, after a plurality of encrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very large. In a plurality of unencrypted messages, by contrast, each field has a fixed meaning, so its value range is limited, and after the unencrypted messages are aligned in the longitudinal direction, the information entropy of the arrays obtained by cutting in the longitudinal direction is very small. Through this characteristic, whether the plurality of messages are encrypted can be determined simply and quickly, so that encrypted messages can be screened out. This solves the problem that the existing variation-based vulnerability mining method cannot screen whether messages are encrypted, so that the vulnerability mining process still mines encrypted messages, which wastes resources and affects the overall mining test efficiency.
In an alternative embodiment, the calculation module 23 includes: the statistic submodule is used for counting the probability of data occurrence of each unit in each array; and the calculating submodule is used for respectively calculating the information entropy of each array according to the probability.
In an alternative embodiment, the determination module 24 includes: the judgment submodule is used for judging whether the information entropy of each array is larger than a preset threshold value; and the determining submodule is used for determining that the plurality of messages are encrypted if the information entropy of each array is greater than a preset threshold value.
An embodiment of the present invention further provides a computing device, as shown in fig. 6, including: at least one processor 31; and a memory 32 communicatively coupled to the at least one processor; fig. 6 illustrates an example of connection via a bus.
The processor 31 may be a Central Processing Unit (CPU). The Processor 31 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 32 is a non-transitory computer readable storage medium, and can be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the data packet encryption determination method in the embodiment of the present invention. The processor 31 executes various functional applications and data processing of the processor by running the non-transitory software program, instructions and modules stored in the memory 32, that is, implements the data packet encryption determination method in the above method embodiment.
The memory 32 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 31, and the like. Further, the memory 32 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 32 may optionally include memory located remotely from the processor 31, and these remote memories may be connected to the processor 31 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more of the modules described above are stored in the memory 32 and, when executed by the processor 31, perform the data packet encryption decision method in the embodiment shown in fig. 1.
The details of the computer device can be understood with reference to the corresponding related descriptions and effects in the embodiment shown in fig. 1, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD) or a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.
Claims (10)
1. A method for determining encryption of a data message, comprising:
acquiring a plurality of messages transmitted by the tested equipment;
sequentially extracting the data of the nth unit of each of the plurality of messages according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N;
respectively calculating the information entropy of each array according to the message data in each array;
and determining whether the plurality of messages are encrypted according to the information entropy of each array.
2. The method for determining encryption of data packets according to claim 1, wherein said calculating the entropy of each array according to the packet data in each array comprises:
counting the probability of data occurrence of each unit in each array;
and respectively calculating the information entropy of each array according to the probability.
3. The method according to claim 2, wherein the entropy of each array is calculated by the following formula:
$$H(x) = -\sum P(x_i)\,\log_2 P(x_i) \quad (i = 1, 2, \ldots, N)$$
where $H(x)$ is the information entropy of the array, $P(x_i)$ is the probability of the data of the unit $x_i$ in the array, the value range of $x_i$ is 1 to M, M is the size of the array, and N is the total number of unit data of the message with the minimum length.
4. The method for determining encryption of data packets according to any one of claims 1 to 3, wherein the determining whether the plurality of packets are encrypted according to the entropy of the information of each array includes:
judging whether the information entropy of each array is larger than a preset threshold value;
and if the information entropy of each array is larger than a preset threshold value, determining that the plurality of messages are encrypted.
5. The method of claim 4, wherein the message encryption decision is performed,
and if the information entropies of the arrays are not all larger than a preset threshold value, determining that the messages are not encrypted.
6. A data message encryption decision device, comprising:
the acquisition module is used for acquiring a plurality of messages transmitted by the tested equipment;
the extraction module is used for sequentially extracting the data of the nth unit of each of the plurality of messages according to a preset unit to form N arrays, wherein the value of N is determined by the message with the minimum length, and n ranges from 1 to N;
the calculation module is used for respectively calculating the information entropy of each array according to the message data in each array;
and the determining module is used for determining whether the plurality of messages are encrypted according to the information entropy of each array.
7. The apparatus for determining encryption of data packets according to claim 6, wherein the computing module comprises:
the statistic submodule is used for counting the probability of data occurrence of each unit in each array;
and the calculating submodule is used for respectively calculating the information entropy of each array according to the probability.
8. The apparatus for determining encryption of data packets according to claim 6, wherein the determining module comprises:
the judgment submodule is used for judging whether the information entropy of each array is larger than a preset threshold value;
and the determining submodule is used for determining that the plurality of messages are encrypted if the information entropy of each array is larger than a preset threshold value.
9. A computing device, comprising:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method of data packet encryption determination of any one of claims 1-5.
10. A computer-readable storage medium storing computer instructions for causing a computer to execute the data packet encryption decision method according to any one of claims 1 to 5.
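The decision procedure of claims 1 to 5, written out as an added Python example (not code from the patent): the nth unit of every captured message forms array n, each array's entropy is computed from relative frequencies, and the capture counts as encrypted only if every array exceeds the threshold. The function names, the one-byte default unit, the `THRESHOLD` value and both sample captures are assumptions constructed for this illustration.

```python
import hashlib
import math
from collections import Counter


def column_entropies(messages, unit=1):
    """Entropy in bits of the n-th unit across all messages, for n = 1..N."""
    if not messages:
        raise ValueError("need at least one message")
    n_units = min(len(m) for m in messages) // unit  # N comes from the shortest message
    entropies = []
    for n in range(n_units):
        column = [m[n * unit:(n + 1) * unit] for m in messages]  # the n-th array
        total = len(column)
        probs = [count / total for count in Counter(column).values()]
        entropies.append(sum(-p * math.log2(p) for p in probs))
    return entropies


def is_encrypted(messages, threshold, unit=1):
    """Claims 4 and 5: encrypted only if every array's entropy exceeds the threshold."""
    entropies = column_entropies(messages, unit)
    return bool(entropies) and all(h > threshold for h in entropies)


def sample_plaintext(count=256):
    # Constructed telemetry lines: fixed field names, a slowly changing counter.
    return [b"ID=0007;TEMP=%04d;OK" % (200 + i % 50) for i in range(count)]


def sample_ciphertext_like(count=256, length=20):
    # Constructed stand-in for ciphertext: SHA-256 output of a counter (deterministic).
    return [hashlib.sha256(i.to_bytes(4, "big")).digest()[:length] for i in range(count)]


# Assumed threshold: with 256 messages an array's entropy is at most log2(256) = 8 bits.
THRESHOLD = 6.0

if __name__ == "__main__":
    for name, msgs in (("plaintext", sample_plaintext()),
                       ("ciphertext-like", sample_ciphertext_like())):
        ents = column_entropies(msgs)
        print(f"{name}: min={min(ents):.2f} max={max(ents):.2f} "
              f"encrypted={is_encrypted(msgs, THRESHOLD)}")
```

An array built from M messages can never exceed log2(M) bits, so the preset threshold has to be chosen with the capture size in mind. Any field that is constant across messages yields a zero-entropy array and, under claim 5, a "not encrypted" verdict.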
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010533234.8A CN113810336A (en) | 2020-06-11 | 2020-06-11 | Data message encryption determination method and device and computer equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010533234.8A CN113810336A (en) | 2020-06-11 | 2020-06-11 | Data message encryption determination method and device and computer equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113810336A true CN113810336A (en) | 2021-12-17 |
Family
ID=78943886
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010533234.8A Pending CN113810336A (en) | 2020-06-11 | 2020-06-11 | Data message encryption determination method and device and computer equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113810336A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105430021A (en) * | 2015-12-31 | 2016-03-23 | 中国人民解放军国防科学技术大学 | Encrypted traffic identification method based on load adjacent probability model |
CN105721242A (en) * | 2016-01-26 | 2016-06-29 | 国家信息技术安全研究中心 | Information entropy-based encrypted traffic identification method |
CN108171060A (en) * | 2017-12-29 | 2018-06-15 | 哈尔滨安天科技股份有限公司 | Method, system and the storage medium of encryption deformation script are identified based on comentropy |
Non-Patent Citations (2)
Title |
---|
赵博等: "基于加权累积和检验的加密流量盲识别算法", 《软件学报》 * |
陈利等: "基于信息熵的加密会话检测方法", 《计算机科学》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115033888A (en) * | 2022-06-21 | 2022-09-09 | 苏州浪潮智能科技有限公司 | Entropy-based firmware encryption detection method and device, computer equipment and medium |
CN115174451A (en) * | 2022-07-19 | 2022-10-11 | 中国工商银行股份有限公司 | Message encryption detection method, device, equipment, storage medium and program product |
CN115174451B (en) * | 2022-07-19 | 2024-02-27 | 中国工商银行股份有限公司 | Message encryption detection method, device, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112003870B (en) | Network encryption traffic identification method and device based on deep learning | |
CN111277570A (en) | Data security monitoring method and device, electronic equipment and readable medium | |
US20190222603A1 (en) | Method and apparatus for network forensics compression and storage | |
US11546372B2 (en) | Method, system, and apparatus for monitoring network traffic and generating summary | |
CN110808994B (en) | Method and device for detecting brute force cracking operation and server | |
CN112839017B (en) | Network attack detection method and device, equipment and storage medium thereof | |
CN106330611A (en) | Anonymous protocol classification method based on statistical feature classification | |
CN113810336A (en) | Data message encryption determination method and device and computer equipment | |
CN113114671A (en) | Cloud data security identification and classification method | |
EP3823217A1 (en) | Network flow measurement method, network measurement device and control plane device | |
US20160205118A1 (en) | Cyber black box system and method thereof | |
CN111324809A (en) | Hotspot information monitoring method, device and system | |
Zhang et al. | RTMA: Real time mining algorithm for multi-step attack scenarios reconstruction | |
Han et al. | A DDoS attack detection system based on spark framework | |
CN113806204B (en) | Method, device, system and storage medium for evaluating message segment correlation | |
CN109361658B (en) | Industrial control industry-based abnormal flow information storage method and device and electronic equipment | |
CN112104628A (en) | Adaptive feature rule matching real-time malicious flow detection method | |
CN111885034A (en) | Internet of things attack event tracking method and device and computer equipment | |
CN110990223A (en) | Monitoring alarm method and device based on system log | |
CN113810332B (en) | Encrypted data message judging method and device and computer equipment | |
CN116506276A (en) | Mining method and system for relevance of alarm data | |
CN110225025B (en) | Method and device for acquiring abnormal network data behavior model, electronic equipment and storage medium | |
CN114268484A (en) | Malicious encrypted flow detection method and device, electronic equipment and storage medium | |
CN113778671A (en) | Log data processing method, system and device | |
CN111639277A (en) | Automated extraction method of machine learning sample set and computer-readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20211217 |