CN115567503B - HTTPS protocol analysis method based on flow analysis - Google Patents

Publication number
CN115567503B
CN115567503B CN202211563697.4A CN202211563697A CN115567503B CN 115567503 B CN115567503 B CN 115567503B CN 202211563697 A CN202211563697 A CN 202211563697A CN 115567503 B CN115567503 B CN 115567503B
Authority
CN
China
Prior art keywords
flow
analysis
https
protocol
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211563697.4A
Other languages
Chinese (zh)
Other versions
CN115567503A (en)
Inventor
董平
王思
黎彬
彭畅
黄莹
董恩泽
巩勋
李德智
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaxin Consulting Co Ltd
Original Assignee
Huaxin Consulting Co Ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses an HTTPS protocol analysis method based on traffic analysis. It addresses the problem that the prior art decrypts HTTPS traffic by deploying a proxy server, which is not suitable for mirrored-traffic analysis. The method comprises the following steps: S1: configure the system key resources, collect traffic from a mirror port, and distribute the collected traffic to a traffic filtering thread; S2: perform lower-layer protocol parsing, HTTPS filtering and decryption on each packet in sequence to obtain plaintext information, and send the plaintext information to a protocol analysis thread; S3: aggregate the session streams, parse them according to the application-layer protocol, and send the parsing result to an export thread; S4: read the traffic parsing result, encapsulate it in a specific format, and send it to a database. By collecting bypass mirrored traffic, the method analyzes the HTTPS protocol without affecting the existing network topology. The target HTTPS traffic is filtered according to the configuration information and decryption is applied precisely to it, which greatly improves analysis efficiency.

Description

HTTPS protocol analysis method based on flow analysis
Technical Field
The invention relates to the field of traffic analysis, and in particular to an HTTPS protocol analysis method based on traffic analysis.
Background
HTTPS (full name: Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP (full name: Hypertext Transfer Protocol) channel designed for security; it secures the transmission by adding transport encryption and identity authentication on top of HTTP. HTTP runs above the TCP (Transmission Control Protocol) transport layer, and HTTPS adds an encryption/authentication layer, SSL (Secure Socket Layer)/TLS (Transport Layer Security), between the TCP transport layer and the HTTP application layer. In short, HTTPS = SSL/TLS + HTTP.
At present, before data transmission HTTPS requires a handshake between the client and the server to establish the key (digital certificate) that both sides use to encrypt the transmitted data. In the handshake, the client sends a connection request to the server, and the server sends its certificate and certificate-related information to the client. The client checks whether the certificate sent by the server was issued by a trusted CA (Certificate Authority): if so, the handshake continues; if not, a warning message is sent to confirm whether to continue the access. The client randomly generates a "symmetric key" (used for symmetric encryption) for encrypted data transmission, encrypts the "symmetric key" with the server's public key, and sends it to the server; the server decrypts it with its private key to obtain the "symmetric key". At this point both the client and the server hold the "symmetric key". After the handshake, the client and the server transmit data in encrypted form, and each uses the symmetric key to decrypt the encrypted data exchanged between them, obtaining the corresponding decrypted packets.
As large enterprises and institutions place growing importance on data security, HTTPS is becoming more and more widely used and already holds a place in the web communication market. It is therefore necessary to analyze the HTTPS protocol so as to bring it within the scope of data security monitoring. However, while HTTPS secures data communication, it also makes network traffic harder to analyze. At present, no effective solution is available in the field of bypass mirrored-traffic analysis.
Existing methods deploy a proxy server to decrypt HTTPS traffic and then supervise it. For example, Chinese patent publication No. CN110768940B, "a method, a system, a proxy server and a storage medium for managing and controlling ciphertext data based on an HTTPS protocol", manages and controls HTTPS ciphertext data by placing an HTTPS proxy server between the intranet client and the real server hosting the target website; the HTTPS proxy server audits and manages the HTTPS ciphertext. Publication No. CN111147465A, "a method for auditing HTTPS content and a proxy server", likewise deploys a proxy server to obtain the HTTPS plaintext information and thereby supervise sensitive information.
In practice, bypass monitoring is flexible and convenient to deploy and does not affect the existing network, so network monitoring mainly adopts the bypass mode. The existing methods cannot be applied in the field of bypass mirrored-traffic analysis.
The existing ssldump tool decrypts HTTPS messages mainly by parsing the SSL/TLS protocol to obtain the symmetric key and decrypting the HTTP application-layer data into plaintext. It then strips TLS, re-encapsulates the packet, and writes fixed values into fields such as the TCP port number and MAC address, which hinders the later reassembly of session streams. The ssldump third-party library is used as follows: it runs from the command line and, through configurable parameters, can read pcap files or monitor the traffic of a specified network card and specified ports. It therefore cannot be applied directly to bypass mirrored-traffic analysis.
Disclosure of Invention
The invention mainly solves the problem that the prior art, which deploys a proxy server to decrypt HTTPS traffic, is not suitable for mirrored-traffic analysis. It provides an HTTPS protocol analysis method based on traffic analysis that parses the HTTPS protocol in mirrored traffic.
The technical problem of the invention is mainly solved by the following technical scheme:
An HTTPS protocol analysis method based on traffic analysis comprises the following steps:
S1: configure the system key resources, collect traffic from a mirror port, and distribute the collected traffic to a traffic filtering thread;
S2: perform lower-layer protocol parsing, HTTPS filtering and decryption on each packet in sequence to obtain plaintext information, and send the plaintext information to a protocol analysis thread;
S3: aggregate the session streams, parse them according to the application-layer protocol, and send the parsing result to an export thread;
S4: read the traffic parsing result, encapsulate it in a specific format, and send it to a database.
The scheme collects bypass mirrored traffic and analyzes the HTTPS protocol without affecting the existing network topology. The target HTTPS traffic is filtered according to the configuration information and decryption is applied precisely to it, which greatly improves analysis efficiency. Configuring the information of all HTTPS servers within the monitoring scope into the system enables full-traffic analysis of HTTP/HTTPS.
Preferably, the system key resources include the IP addresses, ports and private key information of the HTTPS servers.
Preferably, step S2 includes the following steps:
S201: after reading a packet, perform lower-layer protocol parsing through the data link layer, network layer and transport layer in turn to obtain the MAC address, IP address, protocol type and port information;
S202: match the information obtained from lower-layer parsing against the configuration information of the HTTPS servers; if the match succeeds, the traffic is judged to be HTTPS traffic and processing proceeds to step S203; if the match fails, the traffic is judged to be HTTP traffic and is sent directly to the protocol analysis thread for processing;
S203: decrypt the HTTPS traffic using the private key information to obtain plaintext traffic;
S204: send the plaintext traffic to the protocol analysis thread for processing.
The target HTTPS traffic is filtered according to the configuration information and decryption is applied precisely to it, which greatly improves analysis efficiency. To improve the operating efficiency of the system, HTTPS decryption is placed in a separate thread so that the time it takes does not block the system.
Preferably, the open-source ssldump module is introduced to parse the SSL/TLS protocol. Its source code is modified so that it can process packets arriving in real time. The HTTPS traffic is decrypted using the ssldump tool and the server private key.
Preferably, according to the characteristics of the SSL/TLS protocol, the symmetric key is obtained using the corresponding private key information, and the transmitted data is then decrypted to obtain the plaintext traffic. That is, following the encryption principle of HTTPS, the symmetric key is decrypted with the server's private key information, and the transmitted data is then decrypted with it to obtain the plaintext traffic.
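The handshake described in the Background, in which the client encrypts the symmetric key with the server's public key, corresponds to the RSA key-exchange cipher suites; with ephemeral Diffie-Hellman suites and in TLS 1.3 the session key is never sent under the server's public key, so the configured private key cannot recover it from mirrored traffic. The following added example (not code from the patent or from ssldump) reads the selected cipher suite from a ServerHello record and classifies it, so a monitor can tell which sessions this decryption step can cover. The suite table is a partial list chosen for this example and the sample record is constructed.

```c
/* Added example: can the server private key decrypt this session? */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum kx_class { KX_RSA_TRANSPORT, KX_EPHEMERAL_DH, KX_TLS13, KX_UNKNOWN };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Pull the selected cipher suite out of a ServerHello at the start of one
 * TLS record. Returns 0 on success, -1 if this is not a complete ServerHello. */
int server_hello_suite(const uint8_t *rec, size_t len, uint16_t *suite)
{
    if (len < 5 || rec[0] != 0x16)              /* 0x16 = handshake record */
        return -1;
    size_t rlen = rd16(rec + 3);
    if (rlen < 4 || len < 5 + rlen)
        return -1;
    const uint8_t *hs = rec + 5;
    if (hs[0] != 0x02)                          /* 0x02 = ServerHello */
        return -1;
    size_t hlen = ((size_t)hs[1] << 16) | ((size_t)hs[2] << 8) | hs[3];
    /* body: version(2) random(32) sid_len(1) sid(n) suite(2) compression(1) */
    if (hlen + 4 > rlen || hlen < 38)
        return -1;
    size_t sid_len = hs[4 + 34];
    if (sid_len > 32 || hlen < 38 + sid_len)
        return -1;
    *suite = rd16(hs + 4 + 35 + sid_len);
    return 0;
}

/* Partial table (this example's selection) of common suite identifiers. */
enum kx_class classify_suite(uint16_t s)
{
    static const uint16_t rsa[] = {             /* TLS_RSA_WITH_*: key transport */
        0x000A, 0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D };
    static const uint16_t eph[] = {             /* TLS_DHE_* and TLS_ECDHE_* */
        0x0033, 0x0039, 0x0067, 0x006B, 0x009E, 0x009F, 0xC009, 0xC00A,
        0xC013, 0xC014, 0xC023, 0xC024, 0xC027, 0xC028, 0xC02B, 0xC02C,
        0xC02F, 0xC030, 0xCCA8, 0xCCA9, 0xCCAA };
    if (s >= 0x1301 && s <= 0x1305)
        return KX_TLS13;                        /* always ephemeral key exchange */
    for (size_t i = 0; i < sizeof rsa / sizeof rsa[0]; i++)
        if (rsa[i] == s) return KX_RSA_TRANSPORT;
    for (size_t i = 0; i < sizeof eph / sizeof eph[0]; i++)
        if (eph[i] == s) return KX_EPHEMERAL_DH;
    return KX_UNKNOWN;
}

/* 1 only when the client sent the key material encrypted to the server key. */
int server_key_can_decrypt(uint16_t suite)
{
    return classify_suite(suite) == KX_RSA_TRANSPORT;
}

/* Constructed sample: 47-byte ServerHello record with an empty session id.
 * out must hold at least 47 bytes. */
size_t build_server_hello(uint8_t *out, uint16_t suite)
{
    memset(out, 0, 47);
    out[0] = 0x16; out[1] = 3; out[2] = 3; out[4] = 42;   /* record header */
    out[5] = 0x02; out[8] = 38;                 /* handshake type and length */
    out[9] = 3; out[10] = 3;                    /* legacy version field */
    memset(out + 11, 0x11, 32);                 /* constructed "random" */
    out[44] = (uint8_t)(suite >> 8);            /* out[43] = 0: no session id */
    out[45] = (uint8_t)suite;                   /* out[46] = 0: no compression */
    return 47;
}

int main(void)
{
    static const uint16_t samples[] = { 0x002F, 0xC02F, 0x1301 };
    uint8_t rec[64];
    uint16_t s;
    for (size_t i = 0; i < 3; i++) {
        size_t n = build_server_hello(rec, samples[i]);
        if (server_hello_suite(rec, n, &s) == 0)
            printf("suite 0x%04X: %s\n", (unsigned)s, server_key_can_decrypt(s)
                   ? "decryptable with server key" : "not decryptable, count as blind spot");
    }
    return 0;
}
```
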
Preferably, in step S1, the key resource information of multiple groups of HTTPS servers is configured. In this way, HTTPS messages exchanged with multiple servers can be parsed.
Preferably, the session streams are aggregated using the five-tuple information of the packets; the five-tuple information includes the source IP address, destination IP address, protocol type, source port and destination port. In multithreaded processing, traffic can be split according to the hash of its five-tuple, so that packets with the same five-tuple are gathered into the same thread of the next processing stage, which facilitates reassembly of the session streams.
The invention has the beneficial effects that:
1. Bypass mirrored traffic is collected, and the HTTPS protocol is analyzed without affecting the existing network topology.
2. The target HTTPS traffic is filtered according to the configuration information and decryption is applied precisely to it, which greatly improves analysis efficiency.
3. The information of all HTTPS servers within the monitoring scope is configured into the system, which enables full-traffic analysis of HTTP/HTTPS.
Drawings
FIG. 1 is a schematic diagram of the data flow of the protocol analysis method of the present invention.
FIG. 2 is a flow diagram of the traffic filtering thread of the present invention.
FIG. 3 is a flow diagram of a protocol resolution thread of the present invention.
Detailed Description
The technical scheme of the invention is further described in detail through the following embodiments and the accompanying drawings.
Embodiment one:
In the HTTPS protocol analysis method based on traffic analysis of this embodiment, DPDK (Data Plane Development Kit) is used to transfer data between threads. As shown in FIG. 1, the collection thread puts the addresses of packets collected from the port into Ring1; the traffic filtering thread takes packets from Ring1 for processing and puts the processing result into Ring2; the protocol analysis thread reads the processing result from Ring2, parses the application-layer protocol of the traffic, and puts the parsing result into Ring3; and the data export thread reads the parsing result from Ring3, encapsulates the data according to the protocol format, and sends it to the database for storage.
If the traffic bandwidth of the system is large, multiple threads can be configured as needed for parallel processing of port collection, traffic filtering, protocol analysis and data export.
In multithreaded processing, traffic can be split according to the hash of its five-tuple, so that packets with the same five-tuple are gathered into the same thread of the next processing stage, which facilitates reassembly of the session streams.
The specific method flow comprises the following steps:
S1: Configure the system key resources, collect traffic from the mirror port, and distribute the collected traffic to a traffic filtering thread.
The system key resources comprise the IP address, port and private key information of the HTTPS server. The key resource information of multiple groups of HTTPS servers can be configured. In this way, HTTPS messages exchanged with multiple servers can be parsed.
Traffic is captured from the mirror port using DPDK, and the collected traffic is distributed to the traffic filtering thread.
S2: Perform lower-layer protocol parsing, HTTPS filtering and decryption on each packet in sequence to obtain plaintext information, and send the plaintext information to a protocol analysis thread.
As shown in FIG. 2, the specific process of the traffic filtering thread is as follows:
S201: After reading a packet, perform lower-layer protocol parsing through the data link layer, network layer and transport layer in turn to obtain the MAC address, IP address, protocol type and port information.
After the traffic filtering thread reads a packet, it performs lower-layer protocol parsing:
the data link layer protocol is parsed to obtain the MAC address; the network layer protocol is parsed to obtain the IP address and protocol type; and the transport layer protocol is parsed to obtain the port information.
S202: Match the information obtained from lower-layer parsing against the configuration information of the HTTPS servers; if the match succeeds, the traffic is judged to be HTTPS traffic and processing proceeds to step S203; if the match fails, the traffic is judged to be HTTP traffic and is sent directly to the protocol analysis thread for processing.
S203: Decrypt the HTTPS traffic using the private key information to obtain plaintext traffic.
In this embodiment, according to the characteristics of the SSL/TLS protocol, the symmetric key is obtained using the corresponding private key information, and the transmitted data is then decrypted to obtain the plaintext traffic. That is, following the encryption principle of HTTPS, the symmetric key is decrypted with the server's private key information, and the transmitted data is then decrypted with it to obtain the plaintext traffic.
S204: Send the plaintext traffic to the protocol analysis thread for processing.
The target HTTPS traffic is filtered according to the configuration information and decryption is applied precisely to it, which greatly improves analysis efficiency. To improve the operating efficiency of the system, HTTPS decryption is placed in a separate thread so that the time it takes does not block the system.
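Steps S201 and S202 as an added example (not code from the patent): a bounds-checked parser for Ethernet II, IPv4 and TCP headers, followed by a lookup in the configured server table. It assumes IPv4 over Ethernet with at most one VLAN tag; the struct and function names, the key path and the sample frame are constructed for illustration.

```c
/* Added example: S201 lower-layer parsing and S202 server matching. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fields recovered in S201; addresses and ports are in host byte order. */
struct pkt_meta {
    uint8_t  dst_mac[6], src_mac[6];
    uint32_t src_ip, dst_ip;
    uint8_t  proto;
    uint16_t src_port, dst_port;
    const uint8_t *payload;          /* TCP payload: TLS records or plain HTTP */
    size_t   payload_len;
};

/* One configured server (S1). key_path is a hypothetical placeholder. */
struct https_server { uint32_t ip; uint16_t port; const char *key_path; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* S201: Ethernet II (one optional 802.1Q tag) -> IPv4 -> TCP.
 * Returns 0 on success, -1 for truncated, fragmented or unsupported packets. */
int parse_l2_l4(const uint8_t *buf, size_t len, struct pkt_meta *m)
{
    size_t off = 14;
    if (len < off) return -1;
    memcpy(m->dst_mac, buf, 6);
    memcpy(m->src_mac, buf + 6, 6);
    uint16_t etype = rd16(buf + 12);
    if (etype == 0x8100) {           /* VLAN tag, often present on mirror ports */
        if (len < 18) return -1;
        etype = rd16(buf + 16);
        off = 18;
    }
    if (etype != 0x0800 || len < off + 20) return -1;    /* IPv4 only here */

    const uint8_t *ip = buf + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = rd16(ip + 2);
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl + 20 || len < off + tot) return -1;
    if (rd16(ip + 6) & 0x3fff) return -1;    /* fragment: reassemble before parsing */
    m->proto  = ip[9];
    m->src_ip = rd32(ip + 12);
    m->dst_ip = rd32(ip + 16);
    if (m->proto != 6) return -1;            /* 6 = TCP */

    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || tot < ihl + doff) return -1;
    m->src_port = rd16(tcp);
    m->dst_port = rd16(tcp + 2);
    m->payload = tcp + doff;
    m->payload_len = tot - ihl - doff;
    return 0;
}

/* S202: a packet is HTTPS if either endpoint is a configured server, so both
 * directions of a session match. NULL means "treat as HTTP". */
const struct https_server *match_https(const struct pkt_meta *m,
                                       const struct https_server *tbl, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if ((m->dst_ip == tbl[i].ip && m->dst_port == tbl[i].port) ||
            (m->src_ip == tbl[i].ip && m->src_port == tbl[i].port))
            return &tbl[i];
    return NULL;
}

/* Constructed sample: 59-byte frame, 198.51.100.7:49153 -> dst_ip:dst_port,
 * carrying 5 bytes of a TLS record header. f must hold at least 59 bytes. */
size_t build_sample(uint8_t *f, uint32_t dst_ip, uint16_t dst_port)
{
    static const uint8_t src[4] = { 198, 51, 100, 7 }, pay[5] = { 0x16, 3, 3, 0, 0 };
    memset(f, 0, 59);
    memset(f, 0xaa, 6); memset(f + 6, 0xbb, 6);          /* dst MAC, src MAC */
    f[12] = 0x08;                                        /* EtherType 0x0800 */
    uint8_t *ip = f + 14, *tcp = f + 34;
    ip[0] = 0x45; ip[3] = 45; ip[8] = 64; ip[9] = 6;     /* IHL 5, total length 45 */
    memcpy(ip + 12, src, 4);
    ip[16] = (uint8_t)(dst_ip >> 24); ip[17] = (uint8_t)(dst_ip >> 16);
    ip[18] = (uint8_t)(dst_ip >> 8);  ip[19] = (uint8_t)dst_ip;
    tcp[0] = 0xc0; tcp[1] = 0x01;                        /* source port 49153 */
    tcp[2] = (uint8_t)(dst_port >> 8); tcp[3] = (uint8_t)dst_port;
    tcp[12] = 0x50;                                      /* data offset 5 words */
    memcpy(tcp + 20, pay, 5);
    return 59;
}

int main(void)
{
    const struct https_server tbl[] = { { 0xC000020A, 443, "/path/to/server.key" } };
    uint8_t f[64]; struct pkt_meta m;
    size_t n = build_sample(f, 0xC000020A, 443);         /* 192.0.2.10:443 */
    if (parse_l2_l4(f, n, &m) == 0)
        printf("%s\n", match_https(&m, tbl, 1) ? "HTTPS: to S203" : "HTTP: to parser");
    return 0;
}
```
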
S3: Aggregate the session streams, parse them according to the application-layer protocol, and send the parsing result to an export thread.
As shown in FIG. 3, after reading a packet, the protocol analysis thread aggregates the traffic according to its five-tuple information, then parses the application-layer protocol of the payload data, and sends the parsing result to the export thread.
The five-tuple information includes the source IP address, destination IP address, protocol type, source port and destination port. In multithreaded processing, traffic can be split according to the hash of its five-tuple, so that packets with the same five-tuple are gathered into the same thread of the next processing stage, which facilitates reassembly of the session streams.
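The five-tuple dispatch described above, as an added example (not code from the patent). It goes one step beyond the text: the two directions of a TCP session carry swapped source and destination fields, so the key is put into a canonical order before hashing and both directions reach the same worker. The FNV-1a hash and all names are this example's choices.

```c
/* Added example: direction-independent five-tuple hashing for worker dispatch. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct five_tuple {
    uint32_t src_ip, dst_ip;         /* host byte order */
    uint16_t src_port, dst_port;
    uint8_t  proto;
};

/* Canonical session key: endpoint A is always the numerically smaller
 * (ip, port) pair, so request and response packets produce the same key. */
struct flow_key {
    uint32_t a_ip, b_ip;
    uint16_t a_port, b_port;
    uint8_t  proto;
};

struct flow_key canonical_key(const struct five_tuple *t)
{
    int swap = t->src_ip > t->dst_ip ||
               (t->src_ip == t->dst_ip && t->src_port > t->dst_port);
    struct flow_key k;
    k.a_ip   = swap ? t->dst_ip   : t->src_ip;
    k.a_port = swap ? t->dst_port : t->src_port;
    k.b_ip   = swap ? t->src_ip   : t->dst_ip;
    k.b_port = swap ? t->src_port : t->dst_port;
    k.proto  = t->proto;
    return k;
}

/* FNV-1a over an explicit 13-byte serialisation, so struct padding is never
 * hashed. FNV-1a is this example's choice; the page does not name a hash. */
uint32_t flow_hash(const struct flow_key *k)
{
    uint8_t b[13];
    for (int i = 0; i < 4; i++) {
        b[i]     = (uint8_t)(k->a_ip >> (24 - 8 * i));
        b[4 + i] = (uint8_t)(k->b_ip >> (24 - 8 * i));
    }
    b[8]  = (uint8_t)(k->a_port >> 8); b[9]  = (uint8_t)k->a_port;
    b[10] = (uint8_t)(k->b_port >> 8); b[11] = (uint8_t)k->b_port;
    b[12] = k->proto;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof b; i++) {
        h ^= b[i];
        h *= 16777619u;
    }
    return h;
}

/* Index of the next-stage worker thread that owns this packet's session. */
unsigned pick_worker(const struct five_tuple *t, unsigned n_workers)
{
    struct flow_key k = canonical_key(t);
    if (n_workers == 0)
        return 0;
    return flow_hash(&k) % n_workers;
}

/* Returns 1 when two packets belong to the same session in either direction. */
int same_session(const struct five_tuple *x, const struct five_tuple *y)
{
    struct flow_key a = canonical_key(x), b = canonical_key(y);
    return a.a_ip == b.a_ip && a.b_ip == b.b_ip && a.a_port == b.a_port &&
           a.b_port == b.b_port && a.proto == b.proto;
}

int main(void)
{
    /* Constructed packets: a request and the matching response. */
    struct five_tuple req = { 0xC6336407u, 0xC000020Au, 49153, 443, 6 };
    struct five_tuple rsp = { 0xC000020Au, 0xC6336407u, 443, 49153, 6 };
    printf("request -> worker %u, response -> worker %u\n",
           pick_worker(&req, 4), pick_worker(&rsp, 4));
    return 0;
}
```
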
Parsing follows the format of the HTTP protocol (start line, message headers, empty line and message body). To improve parsing efficiency, a state-machine parsing method is introduced; llhttp can be used as a reference.
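A state machine over the four parts named above (start line, headers, empty line, body), as an added example; it is not llhttp and not code from the patent. It is fed one reassembled segment at a time, so a line may be split anywhere between segments. It assumes messages framed by Content-Length (no chunked encoding), and the sample message is constructed.

```c
/* Added example: incremental HTTP/1.x message parser as a state machine. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum hstate { H_START_LINE, H_HEADERS, H_BODY, H_DONE, H_ERROR };

struct http_parser {
    enum hstate st;
    char   line[256];                /* line being accumulated across segments */
    size_t line_len;
    char   start_line[256];          /* request line or status line */
    unsigned n_headers; int have_cl;
    size_t content_length, body_seen;
};

void hp_init(struct http_parser *p) { memset(p, 0, sizeof *p); p->st = H_START_LINE; }

/* Parse a Content-Length value; returns -1 unless it is a plain number. */
static int parse_cl(const char *v, size_t *out)
{
    size_t n = 0;
    while (*v == ' ' || *v == '\t') v++;
    if (!isdigit((unsigned char)*v)) return -1;
    for (; isdigit((unsigned char)*v); v++) {
        if (n > 100000000) return -1;        /* cap: also prevents overflow */
        n = n * 10 + (size_t)(*v - '0');
    }
    while (*v == ' ' || *v == '\t') v++;
    if (*v) return -1;
    *out = n; return 0;
}

/* Case-insensitive header-name match; want must be lower case. */
static int name_is(const char *s, size_t n, const char *want)
{
    size_t i = 0;
    if (n != strlen(want)) return 0;
    while (i < n && tolower((unsigned char)s[i]) == want[i]) i++;
    return i == n;
}

/* Called once per complete line (CRLF already stripped). */
static void on_line(struct http_parser *p)
{
    size_t v = 0;
    p->line[p->line_len] = '\0';
    if (p->st == H_START_LINE) {
        if (p->line_len == 0) { p->st = H_ERROR; return; }
        memcpy(p->start_line, p->line, p->line_len + 1);
        p->st = H_HEADERS;
    } else if (p->line_len == 0) {           /* empty line ends the headers */
        p->st = p->content_length ? H_BODY : H_DONE;
    } else {
        const char *colon = strchr(p->line, ':');
        if (!colon) { p->st = H_ERROR; return; }
        p->n_headers++;
        if (name_is(p->line, (size_t)(colon - p->line), "content-length")) {
            /* Conflicting lengths make the boundary ambiguous: flag, don't guess. */
            if (parse_cl(colon + 1, &v) || (p->have_cl && v != p->content_length)) {
                p->st = H_ERROR; return;
            }
            p->have_cl = 1;
            p->content_length = v;
        }
    }
    p->line_len = 0;
}

/* Feed one segment of a session stream; returns the number of bytes consumed
 * (less than n when the message ended or an error stopped the parser). */
size_t hp_feed(struct http_parser *p, const char *d, size_t n)
{
    size_t i = 0;
    while (i < n && p->st != H_DONE && p->st != H_ERROR) {
        if (p->st == H_BODY) {
            size_t want = p->content_length - p->body_seen;
            size_t take = (n - i < want) ? n - i : want;
            p->body_seen += take; i += take;
            if (p->body_seen == p->content_length) p->st = H_DONE;
            continue;
        }
        char c = d[i++];
        if (c == '\n') {
            if (p->line_len && p->line[p->line_len - 1] == '\r') p->line_len--;
            on_line(p);
        } else if (p->line_len + 1 < sizeof p->line) {
            p->line[p->line_len++] = c;
        } else {
            p->st = H_ERROR;         /* over-long line: refuse, never truncate */
        }
    }
    return i;
}

int main(void)
{
    struct http_parser p;            /* constructed request, body is 10 bytes */
    const char *msg = "POST /login HTTP/1.1\r\nContent-Length: 10\r\n\r\nuser=alice";
    hp_init(&p); hp_feed(&p, msg, strlen(msg));
    return p.st == H_DONE ? 0 : 1;
}
```
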
S4: Read the traffic parsing result, encapsulate it in a specific format, and send it to a database. The data is used by the big data analysis platform for detection and analysis, thereby realizing monitoring of the network.
The scheme collects bypass mirrored traffic and analyzes the HTTPS protocol without affecting the existing network topology. The target HTTPS traffic is filtered according to the configuration information and decryption is applied precisely to it, which greatly improves analysis efficiency. Configuring the information of all HTTPS servers within the monitoring scope into the system enables full-traffic analysis of HTTP/HTTPS.
Embodiment two:
In the HTTPS protocol analysis method based on traffic analysis of this embodiment, the process of decrypting to obtain the plaintext is optimized.
The open-source ssldump module is introduced to parse the SSL/TLS protocol. Its source code is modified so that it can process packets arriving in real time. The HTTPS traffic is decrypted using the ssldump tool and the server private key.
When the mirrored traffic is collected, it is filtered according to the configuration; the network message is then still handed to ssldump, which returns the result once processing is finished. When the packet is obtained, its five-tuple is parsed and sent to the next processing thread together with the plaintext application-layer payload. This solves the problem that ssldump, in decrypting HTTPS messages, focuses on obtaining the symmetric key and decrypting the application-layer protocol, which makes the later aggregation of session streams difficult.
The scheme of this embodiment only optimizes the process of decrypting to obtain the plaintext; everything else is the same as in embodiment one.
Embodiment three:
In the HTTPS protocol analysis method based on traffic analysis of this embodiment, the process of decrypting to obtain the plaintext is optimized.
After the HTTPS traffic is filtered, it is written to a pcap file (pcap-1). The code calls system() to execute ssldump, specifying the private key file, to parse the pcap-1 file just written and place the result in another file, pcap-2. The system then collects the pcap-2 file and parses the plaintext traffic in it.
In this scheme, the modification to the ssldump source code mainly preserves the integrity of the five-tuple information.
The scheme of this embodiment only optimizes the process of decrypting to obtain the plaintext; everything else is the same as in embodiment one.
It should be understood that the embodiments are for illustrative purposes only and are not intended to limit the scope of the present invention. Further, it should be understood that those skilled in the art may make various changes or modifications to the present invention after reading its teaching, and such equivalents also fall within the scope of the claims appended to the present application.

Claims (6)

1. An HTTPS protocol analysis method based on traffic analysis, characterized by comprising the following steps:
S1: configuring system key resources, collecting traffic from a mirror port, and distributing the collected traffic to a traffic filtering thread;
S2: performing lower-layer protocol parsing, HTTPS filtering and decryption on each packet in sequence to obtain plaintext information, and sending the plaintext information to a protocol analysis thread;
S3: aggregating the session streams, parsing them according to the application-layer protocol, and sending the parsing result to an export thread;
S4: reading the traffic parsing result, encapsulating it in a specific format, and sending it to a database;
wherein step S2 includes the following process:
S201: after reading a packet, performing lower-layer protocol parsing through the data link layer, network layer and transport layer in turn to obtain the MAC address, IP address, protocol type and port information;
S202: matching the information obtained from lower-layer parsing against the configuration information of the HTTPS servers; if the match succeeds, judging the traffic to be HTTPS traffic and proceeding to step S203; if the match fails, judging the traffic to be HTTP traffic and sending it directly to the protocol analysis thread for processing;
S203: decrypting the HTTPS traffic using the private key information to obtain plaintext traffic;
S204: sending the plaintext traffic to the protocol analysis thread for processing.
2. The HTTPS protocol analysis method based on traffic analysis according to claim 1, wherein the system key resources comprise the IP address, port and private key information of the HTTPS server.
3. The HTTPS protocol analysis method based on traffic analysis according to claim 1, wherein the open-source ssldump module is introduced to parse the SSL/TLS protocol.
4. The HTTPS protocol analysis method based on traffic analysis according to claim 1, wherein, according to the characteristics of the SSL/TLS protocol, a symmetric key is obtained using the corresponding private key information, and the transmitted data is thereby decrypted to obtain plaintext traffic.
5. The HTTPS protocol analysis method based on traffic analysis according to claim 1, 3 or 4, wherein in step S1, key resource information of a plurality of groups of HTTPS servers is configured.
6. The HTTPS protocol analysis method based on traffic analysis according to claim 5, wherein the session streams are aggregated using the five-tuple information of the packets; the five-tuple information includes a source IP address, a destination IP address, a protocol type, a source port and a destination port.
CN202211563697.4A 2022-12-07 2022-12-07 HTTPS protocol analysis method based on flow analysis Active CN115567503B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211563697.4A CN115567503B (en) 2022-12-07 2022-12-07 HTTPS protocol analysis method based on flow analysis

Publications (2)

Publication Number Publication Date
CN115567503A (en) 2023-01-03
CN115567503B (en) 2023-03-21
