Encryption protocol identification method based on active service detection engine technology

• Main Authors: LIU JIAXIANG, HUANG LONGFEI, ZHAO KUNYANG, SHI XIAOCHUAN, LIU QI, CHEN YULIANG, ZHANG JING
• Format: Patent
• Language: Chinese; English
• Published: 26.05.2020
• Subjects: CALCULATING; COMPUTING; COUNTING; ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; HANDLING RECORD CARRIERS; PHYSICS; PRESENTATION OF DATA; RECOGNITION OF DATA; RECORD CARRIERS; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

The invention discloses an encryption protocol identification method based on an active service detection engine technology. The method comprises the steps of constructing an encryption network behavior model library; capturing the network data by using a packet capturing tool so as to realize real-time acquisition of the network interaction data; extracting valid data from the network data flow;performing feature extraction on the data with high similarity in a clustering mode; calculating correlation coefficients of the data features and different reference samples in the model library; andautomatically identifying the encrypted data protocol according to the correlation coefficient in combination with a node-based stateful identification technology and an active detection and servicecamouflage technology. According to the invention, the encryption protocol encryption identification method is optimized; identification efficiency is high; identification results are more accurate; aP2P protocol with fuzzy or