CN115085974A - Flow confusion method and device - Google Patents


Publication number
CN115085974A
Authority
CN
China
Legal status
Pending
Application number
CN202210557309.5A
Other languages
Chinese (zh)
Inventor
罗蛟
Current Assignee
WUHAN HONGXU INFORMATION TECHNOLOGY CO LTD
Original Assignee
WUHAN HONGXU INFORMATION TECHNOLOGY CO LTD

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a traffic obfuscation method and device. The method comprises the following steps: performing obfuscation processing on input traffic to determine first obfuscated data; adding characteristic information to the first obfuscated data to determine second obfuscated data; performing obfuscation processing on the second obfuscated data to determine third obfuscated data; and encrypting the third obfuscated data to determine target data. By applying obfuscation processing and encryption processing to the traffic of smart devices multiple times, the method and device prevent plaintext information from being leaked, effectively resist analysis and extraction of user data, and protect user data and private behavior.

Description

Flow confusion method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a traffic confusion method and apparatus.
Background
In the information technology era, the number of smartphones in use keeps growing alongside traditional PCs and servers. New smart devices are emerging in smart homes, smart cities and connected vehicles. Meanwhile, the spread of 5G is driving explosive growth in application traffic. This application traffic contains a large amount of user privacy and behavior data, and is vulnerable to sniffing and eavesdropping by network attackers. An attacker can identify and extract a user's privacy and behavior data through network traffic analysis.
Traffic obfuscation can effectively address the risk of privacy disclosure during data transmission and protect the user's privacy and behavior data from being stolen.
Typical traffic obfuscation technology comprises three techniques: randomization, mimicry and tunneling. Techniques for identifying obfuscated traffic mainly include deep packet inspection (DPI), behavior-pattern-based identification, and machine-learning-based traffic identification.
Existing obfuscation technology does not consider the application of obfuscation and encryption together, so the use of combined reverse-analysis techniques can cause some plaintext information to be leaked. In addition, some obfuscation schemes need to carry a large number of parameters, which introduces new data characteristics, and the introduction of a large amount of random data reduces network throughput and increases resource overhead.
Disclosure of Invention
The invention provides a traffic obfuscation method and a traffic obfuscation device that address the defects of the prior art, namely that plaintext information may be leaked, new data characteristics are introduced, network throughput is reduced and resource overhead is increased, and that achieve a better traffic obfuscation effect.
The invention provides a flow confusion method, which comprises the following steps:
performing confusion processing on input flow to determine first confusion data;
adding characteristic information to the first obfuscated data, and determining second obfuscated data;
performing obfuscation processing on the second obfuscated data to determine third obfuscated data;
and encrypting the third obfuscated data to determine target data.
In some embodiments, the obfuscating the input traffic to determine first obfuscated data includes:
performing confusion processing on input flow based on a preset confusion method list, and determining first confusion data;
the preset confusion method list comprises a confusion method, a confusion method ID and a confusion parameter corresponding to the confusion method.
In some embodiments, the obfuscation method includes at least one of:
random key obfuscation, traffic interleaving obfuscation, cut-distortion obfuscation, or idle traffic masquerading.
In some embodiments, the adding feature information to the first obfuscated data and determining second obfuscated data includes:
and adding a flow address, a protocol, an obfuscating method ID and obfuscating parameter information to the first obfuscated data to determine second obfuscated data.
In some embodiments, the encrypting the third obfuscated data to determine the target data includes:
based on a preset encryption method list, carrying out encryption processing on the third obfuscated data to determine target data;
the preset encryption method list comprises an encryption method, an encryption method ID and an encryption parameter corresponding to the encryption method.
The invention also provides a flow confusion device, comprising:
a first determining module, configured to perform obfuscation processing on input traffic and determine first obfuscated data;
the second determination module is used for adding characteristic information to the first obfuscated data and determining second obfuscated data;
a third determining module, configured to perform obfuscation processing on the second obfuscated data to determine third obfuscated data;
and the fourth determining module is used for encrypting the third obfuscated data to determine target data.
In some embodiments, the first determining module is specifically configured to:
performing confusion processing on input flow based on a preset confusion method list, and determining first confusion data;
the preset confusion method list comprises a confusion method, a confusion method ID and a confusion parameter corresponding to the confusion method.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the program to implement the flow obfuscation method as described in any one of the above.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method of traffic obfuscation as described in any of the above.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, implements a method of traffic obfuscation as described in any one of the above.
According to the flow confusion method and the flow confusion device, the flow of the intelligent equipment is subjected to confusion processing and encryption processing for multiple times, so that plaintext information can be prevented from being leaked, analysis and extraction of user data can be effectively resisted, and the user data and privacy behaviors are protected.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart of a flow obfuscation method provided by the present invention;
FIG. 2 is a schematic diagram of a flow obfuscation system provided by the present invention;
FIG. 3 is a second schematic flow chart of a traffic obfuscation method according to the present invention;
FIG. 4 is a schematic structural diagram of a flow obfuscator provided by the present invention;
FIG. 5 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The flow obfuscation method and apparatus provided by the present invention are described below with reference to fig. 1-5.
Fig. 1 is a schematic flow diagram of a traffic obfuscation method provided by the present invention, and referring to fig. 1, the traffic obfuscation method provided by the present invention may include:
step 110, performing confusion processing on input flow to determine first confusion data;
step 120, adding characteristic information to the first obfuscated data, and determining second obfuscated data;
step 130, performing obfuscation processing on the second obfuscated data to determine third obfuscated data;
and step 140, encrypting the third obfuscated data to determine target data.
It should be noted that the execution subject of the traffic obfuscation method provided by the present invention may be an electronic device, a component in an electronic device, an integrated circuit, or a chip. The electronic device may be a mobile electronic device or a non-mobile electronic device. By way of example, the mobile electronic device may be a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a vehicle-mounted electronic device, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a personal digital assistant (PDA), and the non-mobile electronic device may be a server, a network attached storage (NAS) device, a personal computer (PC), a television (TV), a teller machine, a self-service machine, and the like; the present invention places no particular limitation on this.
In step 110, the incoming traffic is obfuscated to determine first obfuscated data.
The input traffic may be traffic generated when a user uses the smart device, and the input traffic contains a large amount of user privacy and behavior data.
A preliminary obfuscation is applied to the input traffic to eliminate its original message characteristics and behavior characteristics, generating the first obfuscated data.
In step 120, characteristic information is added to the first obfuscated data, and second obfuscated data is determined.
Characteristic information is added to the first obfuscated data to generate the second obfuscated data. The characteristic information may be the address of the traffic, the protocol, the obfuscation method ID, obfuscation parameter information, etc., so that the message can be delivered to the correct destination and correctly recovered.
In step 130, the obfuscating process is performed on the second obfuscated data to determine third obfuscated data.
The second obfuscated data is further obfuscated to eliminate message features introduced in step 120, generating third obfuscated data.
In step 140, the third obfuscated data is encrypted to determine the target data.
The third obfuscated data is encrypted to generate the target data, eliminating the plaintext characteristics of the message.
The generated target data is passed to a transmission module, which handles the connection, and is finally sent to the de-obfuscator at the opposite end, which performs the corresponding inverse processing and forwards the result to the correct destination.
According to the flow confusion method provided by the embodiment of the invention, through carrying out multiple confusion processing and encryption processing on the flow of the intelligent equipment, plaintext information can be prevented from being leaked, analysis and extraction on user data can be effectively resisted, and protection on the user data and privacy behaviors is realized.
In some embodiments, obfuscating the incoming traffic to determine first obfuscated data includes:
performing confusion processing on input flow based on a preset confusion method list, and determining first confusion data;
the preset confusion method list comprises a confusion method, a confusion method ID and a confusion parameter corresponding to the confusion method.
The preset obfuscation method list contains one or more obfuscation methods, sorted in a preset order; each entry comprises the obfuscation method, its obfuscation method ID and the corresponding obfuscation parameters.
The obfuscation methods are applied to the input traffic one after another, in the order given by the list, eliminating the original message characteristics and behavior characteristics of the input traffic and yielding the preliminarily obfuscated first obfuscated data.
In some embodiments, the obfuscation method includes at least one of:
random key obfuscation, traffic interleaving obfuscation, cut-distortion obfuscation, or idle traffic masquerading.
Random sequence obfuscation encrypts the input data with a random sequence; the way the random sequence is generated is not restricted. There are typically two ways: the random sequence may be a fixed numerical string generated by a pseudo-random number generator and a random seed, or it may be a dictionary and a random offset. The random key and the dictionary are not sent as traffic. The encryption process may be any reversible operation, such as exclusive or, addition, or cyclic shift.
The following is more specifically described as an example:
the input is an 8-bit byte sequence: S1, S2, …, Sn;
dictionary obfuscation parameter: data file a.dat;
the 8-bit byte sequence of the dictionary starting from the random offset RN is: D1, D2, …, Dn;
the encryption operation used for obfuscation is modulo-256 addition;
the generated 8-bit byte sequence is: (S1 + D1) mod 256, (S2 + D2) mod 256, …, (Sn + Dn) mod 256.
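The dictionary-plus-offset variant above, with its inverse, as an added example (not code from the patent). `SAMPLE_DICT` is a constructed stand-in for a.dat, and wrapping at the end of the dictionary is an assumption; `byte_diff` shows why the offset must be fresh per message and why this masking is followed by real encryption.

```python
import secrets

# Constructed stand-in for the shared dictionary file a.dat (never sent as traffic).
SAMPLE_DICT = bytes((i * 37 + 11) % 256 for i in range(64))


def dict_window(dictionary: bytes, offset: int, n: int) -> bytes:
    """Return D1..Dn: n dictionary bytes starting at the offset RN.

    Wrapping around at the end of the dictionary is an assumption; the
    description does not say what happens when the dictionary runs out.
    """
    if not dictionary:
        raise ValueError("dictionary must not be empty")
    size = len(dictionary)
    return bytes(dictionary[(offset + i) % size] for i in range(n))


def obfuscate(data: bytes, dictionary: bytes, offset: int) -> bytes:
    """(Si + Di) mod 256 for every input byte."""
    window = dict_window(dictionary, offset, len(data))
    return bytes((s + d) % 256 for s, d in zip(data, window))


def deobfuscate(masked: bytes, dictionary: bytes, offset: int) -> bytes:
    """Inverse operation at the receiver: (Ci - Di) mod 256."""
    window = dict_window(dictionary, offset, len(masked))
    return bytes((c - d) % 256 for c, d in zip(masked, window))


def fresh_offset(dictionary: bytes) -> int:
    """Pick the random offset RN; this value must reach the receiver."""
    return secrets.randbelow(len(dictionary))


def byte_diff(x: bytes, y: bytes) -> bytes:
    """Byte-wise difference mod 256 of two equal-length sequences."""
    return bytes((a - b) % 256 for a, b in zip(x, y))


if __name__ == "__main__":
    rn = fresh_offset(SAMPLE_DICT)
    masked = obfuscate(b"GET /index.html", SAMPLE_DICT, rn)
    print(rn, masked.hex(), deobfuscate(masked, SAMPLE_DICT, rn))

    # Caveat: two messages masked with the SAME offset cancel the dictionary
    # out, so their difference equals the difference of the plaintexts.
    c1 = obfuscate(b"user=alice", SAMPLE_DICT, 7)
    c2 = obfuscate(b"user=carol", SAMPLE_DICT, 7)
    print(byte_diff(c1, c2) == byte_diff(b"user=alice", b"user=carol"))
```
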
Traffic interleaving obfuscation interleaves data from different streams of a user, which may use different protocols. For two streams, for example, the output may be: the first byte is the first byte of stream A, the second byte is the first byte of stream B, the third byte is the second byte of stream A, the fourth byte is the second byte of stream B, and so on.
The following is more specifically described as an example:
three streams: FTP data flow A, HTTP flow B, HTTPS flow C;
the data of each stream is divided into data blocks of fixed size m:
A1,A2,…,Ai,...
B1,B2,…,Bi,…
C1,C2,…,Ci,…
the data blocks Ai, Bi, Ci are 8-bit byte sequences:
ai1,ai2,…aim
bi1,bi2,…bim
ci1,ci2,…cim
the interleaved data block Oi is
ai1,bi1,ci1,…aim,bim,cim
In practice, the data blocks of each stream may be interleaved with the data blocks of any stream.
Traffic interleaving confusion eliminates data characteristics by confusing data of different streams of users, and simultaneously does not introduce a large amount of random data, thereby avoiding network throughput reduction and resource overhead increase.
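The block interleaving above, generalized to any number of streams and to streams of unequal length, as an added example (not code from the patent). Zero padding of short streams and handing the original lengths to the receiver separately are assumptions made here so that the inverse is exact.

```python
def interleave_streams(streams: list[bytes], m: int) -> tuple[list[bytes], list[int]]:
    """Split each stream into blocks of m bytes and interleave them byte-wise.

    Returns the interleaved blocks O1, O2, ... and the original stream
    lengths, which the receiver needs to strip padding (assumption: the
    lengths travel with the other per-message parameters).
    """
    if m <= 0:
        raise ValueError("block size m must be positive")
    if not streams:
        raise ValueError("at least one stream is required")
    lengths = [len(s) for s in streams]
    n_blocks = max(-(-n // m) for n in lengths)           # ceil(n / m)
    # Assumption: shorter streams are zero-padded to a whole number of blocks.
    padded = [s.ljust(n_blocks * m, b"\x00") for s in streams]
    blocks = []
    for i in range(n_blocks):
        group = [p[i * m:(i + 1) * m] for p in padded]    # Ai, Bi, Ci, ...
        # zip(*group) walks the columns: (ai1, bi1, ci1), (ai2, bi2, ci2), ...
        blocks.append(bytes(b for column in zip(*group) for b in column))
    return blocks, lengths


def deinterleave_streams(blocks: list[bytes], lengths: list[int]) -> list[bytes]:
    """Recover the original streams from the interleaved blocks."""
    k = len(lengths)
    joined = b"".join(blocks)
    # Every block holds m * k bytes, so stream j always sits at positions
    # j, j + k, j + 2k, ... of the concatenation.
    return [joined[j::k][:lengths[j]] for j in range(k)]


if __name__ == "__main__":
    # Constructed sample payloads standing in for FTP, HTTP and HTTPS streams.
    a, b, c = b"abcdef", b"ABCDEF", b"123456"
    out, lens = interleave_streams([a, b, c], m=3)
    print(out)                                   # [b'aA1bB2cC3', b'dD4eE5fF6']
    print(deinterleave_streams(out, lens))
```
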
Cutting deformation obfuscation arranges the input data into an x × y byte matrix, padding any shortfall, cuts the matrix into m × n small matrices, and performs row and column shift processing on the small matrices.
The following is more specifically described as an example:
the input is an 8-bit byte sequence: s1, S2, …, Sn, wherein n is 1400;
8-bit byte matrix arranged as 20 × 70:
S1,…,S70
……
S1331,…,S1400
cutting into 2 × 7 small matrixes, wherein each small matrix is 10 × 10;
M1,M2,M3,M4,M5,M6,M7
M8,M9,M10,M11,M12,M13,M14
the row and column shift processing, which here swaps the small matrices two at a time from the start of each row, generates:
M2,M1,M4,M3,M6,M5,M7
M9,M8,M11,M10,M13,M12,M14
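The 20 × 70 example above as an added example (not code from the patent): pad, cut into 10 × 10 tiles, and swap adjacent tiles pairwise in each tile row. The zero pad byte and the helper names are assumptions; because the swap is its own inverse, the receiver applies the same function and then trims the padding using a length it learns separately.

```python
ROWS, COLS, TILE = 20, 70, 10   # 20 x 70 matrix cut into 2 x 7 tiles of 10 x 10


def cut_deform(data: bytes, rows: int = ROWS, cols: int = COLS,
               tile: int = TILE, pad: int = 0) -> bytes:
    """Pad data to rows * cols bytes, then swap adjacent tiles pairwise.

    With 7 tiles per tile row this yields M2,M1,M4,M3,M6,M5,M7: the last,
    unpaired tile stays where it is.
    """
    if rows % tile or cols % tile:
        raise ValueError("matrix must divide evenly into tiles")
    if len(data) > rows * cols:
        raise ValueError("input is longer than one matrix")
    src = data.ljust(rows * cols, bytes([pad]))   # fill the shortage (pad value assumed)
    out = bytearray(src)
    tiles_per_row = cols // tile
    for r in range(rows):                         # every matrix row crosses all tiles
        base = r * cols
        for tc in range(0, tiles_per_row - 1, 2):
            left = base + tc * tile
            right = left + tile
            out[left:left + tile] = src[right:right + tile]
            out[right:right + tile] = src[left:left + tile]
    return bytes(out)


def tile_labels(matrix: bytes, rows: int = ROWS, cols: int = COLS,
                tile: int = TILE) -> list[int]:
    """Read the top-left byte of every tile, in row-major tile order."""
    return [matrix[tr * tile * cols + tc * tile]
            for tr in range(rows // tile)
            for tc in range(cols // tile)]


def labelled_sample() -> bytes:
    """Constructed input: each byte holds the number (1..14) of its tile."""
    return bytes((r // TILE) * (COLS // TILE) + c // TILE + 1
                 for r in range(ROWS) for c in range(COLS))


if __name__ == "__main__":
    sample = labelled_sample()
    print(tile_labels(sample))                # tiles M1..M14 in original order
    print(tile_labels(cut_deform(sample)))    # order after the pairwise swap
    print(cut_deform(cut_deform(sample)) == sample)
```
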
Idle traffic masquerading generates random traffic when the time without input data exceeds a time threshold, or when the average traffic rate per unit time falls below a rate threshold, so as to hide how often the original data is generated. Because idle traffic masquerading generates random data only when necessary, it avoids affecting normal use of the system.
The confusion methods include, but are not limited to, the above four confusion methods, and each confusion method can be used by being superimposed in an order established by a preset confusion method list.
According to the traffic confusion method provided by the embodiment of the invention, the traffic of the intelligent device is subjected to confusion processing by a plurality of confusion methods in the preset confusion method list, so that the original message and the behavior characteristics of the application load can be eliminated, the analysis and extraction of user data can be effectively resisted, and the protection of the user data and the privacy behaviors is realized.
In some embodiments, adding the characteristic information to the first obfuscated data, determining second obfuscated data, comprises:
and adding a flow address, a protocol, an obfuscating method ID and obfuscating parameter information to the first obfuscated data to determine second obfuscated data.
Adding the address, protocol and confusion method ID of the flow to the first confusion data, and associating the address and the protocol of the flow by using the session ID. The obfuscation method ID is associated with an obfuscation method and an obfuscation parameter.
The following is more specifically described as an example:
the information added to the data generated by one obfuscation pass is as follows:
session ID1 || session ID2 || obfuscation method ID1 || obfuscated data block.
The traffic confusion method provided by the embodiment of the invention adds the traffic address, protocol, confusion method ID and confusion parameter information to the confused data, so that the message can be sent to the correct destination and can be correctly recovered.
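The framing above as an added example (not code from the patent): the sender prepends the two session IDs and the method ID, and the receiver uses the method ID to look up the inverse operation and its parameter in a locally synchronized policy table. The field widths, the `POLICY` table and the two toy reversible operations are assumptions; the parameters stay in the table and never enter the frame.

```python
import random
import struct

# Assumed layout: session ID1 (16 bit) || session ID2 (16 bit) || method ID (8 bit).
HEADER = struct.Struct("!HHB")


def xor_seeded(data: bytes, seed: int) -> bytes:
    """XOR with a PRNG stream from a shared seed (random.Random is a stand-in,
    not a cryptographic generator). XOR is its own inverse."""
    rng = random.Random(seed)
    return bytes(b ^ rng.randrange(256) for b in data)


def rotl(data: bytes, bits: int) -> bytes:
    """Cyclic left shift of every byte by 1..7 bits."""
    return bytes(((b << bits) | (b >> (8 - bits))) & 0xFF for b in data)


def rotr(data: bytes, bits: int) -> bytes:
    """Cyclic right shift, the inverse of rotl."""
    return bytes(((b >> bits) | (b << (8 - bits))) & 0xFF for b in data)


# Hypothetical synchronized policy: method ID -> (forward, inverse, parameter).
POLICY = {
    1: (xor_seeded, xor_seeded, 0x5EED),
    2: (rotl, rotr, 3),
}


def frame(payload: bytes, session_id1: int, session_id2: int,
          method_id: int, policy=POLICY) -> bytes:
    """Obfuscate the payload and prepend the characteristic information."""
    forward, _, param = policy[method_id]
    return HEADER.pack(session_id1, session_id2, method_id) + forward(payload, param)


def unframe(message: bytes, policy=POLICY) -> tuple[int, int, bytes]:
    """Parse the header and undo the obfuscation named by the method ID."""
    if len(message) < HEADER.size:
        raise ValueError("truncated header")
    session_id1, session_id2, method_id = HEADER.unpack_from(message)
    if method_id not in policy:
        # Typical cause: sender and receiver hold different policy versions.
        raise LookupError(f"unknown obfuscation method ID {method_id}")
    _, inverse, param = policy[method_id]
    return session_id1, session_id2, inverse(message[HEADER.size:], param)


if __name__ == "__main__":
    wire = frame(b"hi", 0x0102, 0x0304, 2)
    print(wire.hex())            # 01020304024 34b: fixed header, then payload
    print(unframe(wire))
```

The header bytes are identical for every frame of a session, which is the new message feature the second obfuscation step is there to remove.
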
In some embodiments, encrypting the third obfuscated data to determine the target data includes:
based on a preset encryption method list, carrying out encryption processing on the third obfuscated data to determine target data;
the preset encryption method list comprises an encryption method, an encryption method ID and an encryption parameter corresponding to the encryption method.
The preset encryption method list comprises one or more encryption methods, and the input third obfuscated data is sequentially encrypted according to the encryption methods in the preset encryption method list to obtain final target data.
Understandably, in the preset encryption method list, the encryption methods are ordered according to a preset sequence, and the preset encryption method list includes the encryption methods, the encryption method IDs and the encryption parameters corresponding to the encryption methods.
And according to the sequence in the preset encryption method list, sequentially adopting the encryption methods to encrypt the third obfuscated data to obtain final target data.
According to the traffic obfuscation method provided by the embodiment of the invention, after obfuscating the input traffic, encryption processing is performed, application of obfuscation and encryption is comprehensively considered, obfuscation protection is performed on data of a user based on various obfuscation and encryption means, and the leakage risk of user privacy and behavior data can be dealt with.
Fig. 2 is a schematic structural diagram of a flow obfuscation system provided by the present invention, and referring to fig. 2, the flow obfuscation system provided by the present invention may include:
the system comprises a first obfuscation module, an agent module, a second obfuscation module, an encryption module and an obfuscation policy server.
The first confusion module interacts with the agent module to realize the preliminary confusion of the user load data;
the agent module interacts with the second confusion module and adds characteristic information to the preliminarily confused data, so that the message can be sent to a correct destination and is correctly recovered;
the second confusion module interacts with the encryption module, further confuses the input data generated by the agent module to eliminate the message characteristics introduced by the agent module, and sends the generated data to the encryption module;
the encryption module interacts with the confusion policy server and encrypts data generated by the second confusion module to eliminate the plaintext characteristics of the message;
the confusion strategy server interacts with the first confusion module, the second confusion module and the encryption module and issues the confusion method, the confusion parameter, the encryption method and the encryption parameter.
The flow obfuscation system provided by the invention can be divided into an obfuscation strategy synchronization stage and a data processing stage.
1. In the confusion strategy synchronization stage, the confusion strategy server communicates with the first confusion module, the second confusion module and the encryption module to synchronize the confusion strategies.
The obfuscation strategy comprises an ordered list of obfuscating or encryption methods, each obfuscating method comprises an obfuscation method ID and a corresponding obfuscation parameter; each encryption method includes an encryption method ID, a corresponding encryption parameter.
The first obfuscation module, the second obfuscation module, the encryption module perform a series of obfuscation or encryption processes based on this list.
The first confusion module, the agent module, the second confusion module and the encryption module form a confusion client. The obfuscation client is located at one end close to the user device and the corresponding obfuscation server is located at the other end far from the user device.
The obfuscation client performs obfuscation processing on the uplink data and the corresponding de-obfuscation processing on the downlink data. The obfuscation server does similar work in the opposite direction: it de-obfuscates the uplink data and obfuscates the downlink data.
The obfuscation client and the obfuscation policy server have initially synchronized obfuscation policies.
The obfuscation policy server may alter the obfuscation policy according to the needs of the user. The new confusion strategy is issued to the confusion client and the confusion server, and the new confusion strategy can be used after synchronization is completed.
The obfuscation policy server may also periodically alter the obfuscation policy to increase the difficulty of traffic identification.
2. In the data processing stage, the load data of the user firstly enters a first confusion module and is subjected to confusion operations of random encryption confusion, flow interleaving confusion, cutting deformation confusion and idle flow disguise.
The proxy module adds the address, protocol, obfuscation method ID of the traffic to the data generated by the first obfuscation module so that the message can be delivered to the correct destination.
The second obfuscation module further obfuscates the input data generated by the agent module to eliminate message features introduced by the agent module.
The encryption module encrypts the data generated by the second obfuscation module to eliminate a plaintext feature of the message.
In the traffic obfuscation system provided by the embodiment of the invention, the application of obfuscation and encryption is considered together, and processing by the first obfuscation module, the second obfuscation module and the encryption module prevents plaintext information from being leaked. Most of the obfuscation and encryption parameters are synchronized through the obfuscation policy server; synchronized parameters are not carried in the traffic, and only parameters generated on the fly need to be carried.
In addition, traffic interleaving obfuscation eliminates data characteristics by mixing data from different streams of a user without introducing a large amount of random data, and idle traffic masquerading generates random data only when necessary, which avoids affecting normal use of the system, reducing network throughput, or increasing resource overhead.
Fig. 3 is a second schematic flow chart of the traffic confusion method provided by the present invention, and referring to fig. 3, the traffic confusion method provided by the present invention may include:
step 310, receiving an obfuscating policy of an obfuscating policy server, and performing obfuscation processing on input traffic, wherein the obfuscating processing includes one or more of random key obfuscation, traffic interleaving obfuscation, cutting deformation obfuscation, and idle traffic disguise;
step 320, adding flow address, protocol, confusion method ID and confusion parameter information to input data;
step 330, receiving the confusion strategy of the confusion strategy server, and performing secondary confusion on the input data to eliminate the message characteristics introduced by the agent module;
step 340, the input data is encrypted to eliminate the plaintext feature of the message.
According to the flow confusion method provided by the embodiment of the invention, through carrying out multiple confusion processing and encryption processing on the flow of the intelligent equipment, plaintext information can be prevented from being leaked, analysis and extraction on user data can be effectively resisted, and protection on the user data and privacy behaviors is realized.
The flow obfuscating device provided by the present invention is described below, and the flow obfuscating device described below and the flow obfuscating method described above may be referred to in correspondence.
Fig. 4 is a schematic structural diagram of a flow obfuscator provided by the present invention, and referring to fig. 4, the flow obfuscator provided by the present invention may include:
a first determining module 410, configured to perform obfuscation processing on an input flow to determine first obfuscated data;
a second determining module 420, configured to add feature information to the first obfuscated data, and determine second obfuscated data;
a third determining module 430, configured to perform obfuscation processing on the second obfuscated data to determine third obfuscated data;
and a fourth determining module 440, configured to perform encryption processing on the third obfuscated data to determine the target data.
According to the traffic obfuscation device provided by the embodiment of the invention, by applying multiple rounds of obfuscation processing and then encryption processing to the traffic of smart devices, leakage of plaintext information can be prevented, analysis and extraction of user data can be effectively resisted, and user data and private behavior are protected.
In some embodiments, the first determining module 410 is specifically configured to:
perform obfuscation processing on input traffic based on a preset obfuscation method list to determine first obfuscated data;
the preset obfuscation method list comprises an obfuscation method, and an obfuscation method ID and an obfuscation parameter corresponding to the obfuscation method.
In some embodiments, the obfuscation method includes at least one of:
random key obfuscation, traffic interleaving obfuscation, cutting-deformation obfuscation, or idle traffic masquerading.
In some embodiments, the second determining module 420 is specifically configured to:
add a flow address, a protocol, an obfuscation method ID and obfuscation parameter information to the first obfuscated data to determine second obfuscated data.
In some embodiments, the fourth determining module 440 is specifically configured to:
perform encryption processing on the third obfuscated data based on a preset encryption method list to determine target data;
the preset encryption method list comprises an encryption method, and an encryption method ID and an encryption parameter corresponding to the encryption method.
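The obfuscation method list and the header described for modules 410 and 420, followed by the second pass of module 430 and the matching receiver side, look like this in Python. This is an added example, not code from the patent: the header layout, the method IDs 1 and 2, the reading of random key obfuscation as a repeating-key XOR and of cutting-deformation obfuscation as chunk reversal, and all function names are assumptions, and the encryption of module 440 is left out.

```python
import os
import socket
import struct

# Assumed layout: dst IPv4 | dst port | protocol | method ID | param length, then params, body.
HEADER = struct.Struct("!4sHBBH")

def xor_mask(data, key):
    """Random key obfuscation, modelled here as a repeating-key XOR (self-inverse)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def _cut(data, params, inverse):
    """Cut data into fixed-size pieces and reverse their order; inverse puts the short piece first."""
    size = struct.unpack("!H", params)[0]
    if size == 0:
        raise ValueError("chunk size must be non-zero")
    first = len(data) % size if inverse else 0
    parts = [data[:first]] if first else []
    parts += [data[i:i + size] for i in range(first, len(data), size)]
    return b"".join(reversed(parts))

def cut_fwd(data, params):
    return _cut(data, params, False)

def cut_inv(data, params):
    return _cut(data, params, True)

# Preset obfuscation method list: ID -> (name, param length, param generator, forward, inverse).
METHODS = {
    1: ("random_key", 8, lambda: os.urandom(8), xor_mask, xor_mask),
    2: ("cut_deform", 2, lambda: struct.pack("!H", 5), cut_fwd, cut_inv),
}

def first_and_second(payload, dst_ip, dst_port, proto, method_id):
    """Steps 310-320: obfuscate the payload, then prepend address, protocol, ID and params."""
    _, _, gen, fwd, _ = METHODS[method_id]
    params = gen()
    head = HEADER.pack(socket.inet_aton(dst_ip), dst_port, proto, method_id, len(params))
    return head + params + fwd(payload, params)

def third(frame, policy):
    """Step 330: second pass over header and body with a (method ID, params) policy."""
    method_id, params = policy
    return METHODS[method_id][3](frame, params)

def recover(data, policy):
    """Receiver side: undo the second pass, validate the header, undo the first pass."""
    method_id, params = policy
    frame = METHODS[method_id][4](data, params)
    if len(frame) < HEADER.size:
        raise ValueError("frame shorter than header")
    addr, port, proto, mid, plen = HEADER.unpack_from(frame)
    if mid not in METHODS or plen != METHODS[mid][1]:
        raise ValueError("unknown method ID or bad parameter length")
    body_at = HEADER.size + plen
    if len(frame) < body_at:
        raise ValueError("truncated obfuscation parameters")
    payload = METHODS[mid][4](frame[body_at:], frame[HEADER.size:body_at])
    return socket.inet_ntoa(addr), port, proto, payload
```

After steps 310-320 the frame still begins with the cleartext address and method ID, which is the agent-introduced feature that the second pass of step 330 is there to remove.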
Fig. 5 illustrates the physical structure of an electronic device. As shown in Fig. 5, the electronic device may include: a processor 510, a communications interface 520, a memory 530 and a communication bus 540, wherein the processor 510, the communications interface 520 and the memory 530 communicate with each other via the communication bus 540. The processor 510 may invoke logic instructions in the memory 530 to perform a traffic obfuscation method comprising:
performing obfuscation processing on input traffic to determine first obfuscated data;
adding characteristic information to the first obfuscated data to determine second obfuscated data;
performing obfuscation processing on the second obfuscated data to determine third obfuscated data;
and encrypting the third obfuscated data to determine target data.
Furthermore, the logic instructions in the memory 530 may be implemented in the form of software functional units and, when sold or used as independent products, stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and various other media capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program, the computer program being storable on a non-transitory computer-readable storage medium and, when executed by a processor, being capable of executing the traffic obfuscation method provided above, the method comprising:
performing obfuscation processing on input traffic to determine first obfuscated data;
adding characteristic information to the first obfuscated data to determine second obfuscated data;
performing obfuscation processing on the second obfuscated data to determine third obfuscated data;
and encrypting the third obfuscated data to determine target data.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program that, when executed by a processor, performs the traffic obfuscation method provided above, the method comprising:
performing obfuscation processing on input traffic to determine first obfuscated data;
adding characteristic information to the first obfuscated data to determine second obfuscated data;
performing obfuscation processing on the second obfuscated data to determine third obfuscated data;
and encrypting the third obfuscated data to determine target data.
The above-described embodiments of the apparatus are merely illustrative. The units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and can of course also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or in the part contributing over the prior art, may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk, or an optical disk, and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the various embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of traffic obfuscation, comprising:
performing obfuscation processing on input traffic to determine first obfuscated data;
adding characteristic information to the first obfuscated data to determine second obfuscated data;
performing obfuscation processing on the second obfuscated data to determine third obfuscated data;
and encrypting the third obfuscated data to determine target data.
2. The traffic obfuscation method according to claim 1, wherein the performing obfuscation processing on input traffic to determine first obfuscated data comprises:
performing obfuscation processing on input traffic based on a preset obfuscation method list to determine first obfuscated data;
the preset obfuscation method list comprises an obfuscation method, and an obfuscation method ID and an obfuscation parameter corresponding to the obfuscation method.
3. The traffic obfuscation method according to claim 2, wherein the obfuscation method includes at least one of:
random key obfuscation, traffic interleaving obfuscation, cutting-deformation obfuscation, or idle traffic masquerading.
4. The traffic obfuscation method according to claim 1, wherein the adding feature information to the first obfuscated data to determine second obfuscated data includes:
adding a flow address, a protocol, an obfuscation method ID and obfuscation parameter information to the first obfuscated data to determine second obfuscated data.
5. The traffic obfuscation method according to claim 1, wherein the encrypting the third obfuscated data to determine target data includes:
performing encryption processing on the third obfuscated data based on a preset encryption method list to determine target data;
the preset encryption method list comprises an encryption method, and an encryption method ID and an encryption parameter corresponding to the encryption method.
6. A traffic obfuscation device, comprising:
a first determining module, configured to perform obfuscation processing on input traffic to determine first obfuscated data;
a second determining module, configured to add feature information to the first obfuscated data to determine second obfuscated data;
a third determining module, configured to perform obfuscation processing on the second obfuscated data to determine third obfuscated data;
and a fourth determining module, configured to encrypt the third obfuscated data to determine target data.
7. The traffic obfuscation device of claim 6, wherein the first determining module is specifically configured to:
perform obfuscation processing on input traffic based on a preset obfuscation method list to determine first obfuscated data;
the preset obfuscation method list comprises an obfuscation method, and an obfuscation method ID and an obfuscation parameter corresponding to the obfuscation method.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the traffic obfuscation method according to any one of claims 1 to 5.
9. A non-transitory computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the traffic obfuscation method according to any one of claims 1 to 5.
10. A computer program product comprising a computer program, wherein the computer program, when executed by a processor, implements the traffic obfuscation method according to any one of claims 1 to 5.
CN202210557309.5A 2022-05-20 2022-05-20 Flow confusion method and device Pending CN115085974A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210557309.5A CN115085974A (en) 2022-05-20 2022-05-20 Flow confusion method and device


Publications (1)

Publication Number Publication Date
CN115085974A true CN115085974A (en) 2022-09-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination