Detection device and method for malicious traffic encryption of Android mobile device

• Main Authors: NIU WEINA, HU JIA, REN XIXUAN, CHEN RUIDONG, ZHOU XIAOXIAO, ZHANG XIAOSONG, ZHOU JIE
• Format: Patent
• Language: Chinese; English
• Published: 20.09.2022
• Subjects: ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

The invention discloses a detection device and method for encrypted malicious traffic of Android mobile equipment, and belongs to the technical field of traffic detection. Filtering based on validity and repeatability to obtain a session A, and filtering based on characteristics of the encryption component to obtain a session B; extracting a packet length sequence and an arrival time interval sequence of the session A, performing direction processing to obtain a time domain feature vector, and adding a maximum transmission unit to a downlink packet length; transmitting a packet length and arrival time interval sequence which is not subjected to direction processing into a frequency domain feature processing module, abstracting the sequence into a digital signal to convert from a time domain to a frequency domain, and then completing conversion from a complex number to a real number and linear transformation to reduce dimensionality to obtain a frequency domain feature vector; quantizing the features of the to