CN111144504A - Software image flow identification and classification method based on PCA algorithm - Google Patents

Publication number
CN111144504A
Authority
CN
China
Prior art keywords
software
classification
session
application
image flow
Prior art date
Legal status
Granted
Application number
CN201911394923.9A
Other languages
Chinese (zh)
Other versions
CN111144504B (en)
Inventor
陈鹏
林鹏
罗鹰
Current Assignee
Chengdu Kelai Network Technology Co ltd
Original Assignee
Colasoft Co ltd
Application filed by Colasoft Co ltd
Priority to CN201911394923.9A
Publication of CN111144504A
Application granted
Publication of CN111144504B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/213 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
    • G06F18/2135 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods based on approximation criteria, e.g. principal component analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/20 Support for services
    • H04L49/208 Port mirroring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention belongs to the technical field of software traffic identification, and in particular relates to a method for identifying and classifying software in mirrored traffic based on the PCA algorithm. By constructing session features related to the software, the invention discovers the software classifications that may be present in the mirrored traffic and helps the user learn which types of software are deployed on each asset.

Description

Software image flow identification and classification method based on PCA algorithm
Technical Field
The invention belongs to the technical field of software traffic identification, and in particular relates to a method for identifying and classifying software in mirrored traffic based on the PCA algorithm.
Background
Network assets are the various devices used in a computer (or communication) network, mainly hosts, network devices (routers, switches, etc.) and security devices (firewalls, etc.), and the value of the network is proportional to the square of the number of network users. Network assets are handled with great freedom, and the applications installed and deployed on them vary widely, which makes them hard to manage; although each asset deploys software management tools, there are few software asset management tools that cover the whole network.
In recent years network technology has developed rapidly, a wide variety of application software has appeared, and the combinations of software installed and deployed on network assets have become correspondingly diverse. However, because functional requirements differ, software products vary in quality; and because large amounts of assorted software accumulate on network assets and are associated with one another through the network, the vulnerabilities present in the network increase. Through these vulnerabilities, people with ulterior motives are given a backdoor through which network assets can be used to threaten the information security of individuals and enterprises, and even national network security.
However, prior-art software management tools mainly target a single software application or a specific type of software application, and cannot determine from network data which software applications are deployed on all the assets attached to the network. Consequently, when a software application deployed on one asset has a vulnerability, the existing software management tool can only notify that asset's manager to repair it, while it remains unknown whether software deployed on other assets in the network has the same vulnerability. Prior-art network asset management therefore lacks analysis and collection of overall deployment data for network assets: software management is possible only per asset, and the manager does not know what software is actually deployed on each asset and so cannot find and repair vulnerabilities in time.
Disclosure of Invention
The invention aims to provide a software classification method that classifies captured mirrored traffic by means of traffic mirroring and machine learning, using the IP and domain name behaviors that software generates spontaneously while in use.
The technical scheme of the invention provides a software mirror image flow identification and classification method based on a PCA algorithm, which comprises a model base generation step, a test base generation step and a classification and identification step;
the model base generation step is to collect and install installation packages of a plurality of different types of application software, collect and analyze flow data in the installation process of the application software, collect domain name and IP data, correspondingly generate a training set marked with software names and software classes, and train the training set through a PCA algorithm to acquire a feature matrix of each software class to form a software classification model;
the test library generation step comprises the steps of screening out source IP and IP sessions thereof which accord with software classification by acquiring and analyzing mirror image flow data of each asset in a network, and then forming a test library by taking a load group of application layer load byte data of the IP sessions as a test set;
and the step of classification identification is to compare and identify the test set in the step of generating the test library with the software classification model in the step of generating the model library, and output the class of the software.
Specifically, the step of generating the model base comprises the processes of application software collection, software flow collection, software-related domain name collection, software-related IP collection, training set generation and training model generation;
the application software collection is to collect installation packages of a plurality of types of application software including communication software, transmission software, office software and multimedia software through an internet way;
the software traffic collection is to collect the IP session traffic that each application software gathered in the application software collection spontaneously initiates outward during installation, use, update and similar operations; the complete application payload of each session is collected, since the client and the server exchange a large amount of host information during the handshake, and encrypted sessions also exchange digital certificates.
The software-related domain name collection is realized by analyzing DNS protocol flow spontaneously formed by each application software and extracting domain names and/or CNAME domain names used for software and software servers in the DNS protocol flow, wherein the domain names are mainly used for realizing information collection such as asset terminal information uploading, synchronization, software updating, user operation collection and the like by software;
the software-related IP collection is to parse the response data of the DNS A command and/or AAA command in the DNS protocol traffic spontaneously generated by each application software and extract the resolved IPs of the software-related domain names, or to obtain the latest resolved IPs of the domain names over the Internet, such as by using *** public DNS;
the training set generation is to collect the application layer load byte data of the IP session spontaneously formed by each application software, label the software name and software classification for each application layer load byte, and use the load group as the training set;
the training model generation step is to take the training set as the training sample and train it with the PCA algorithm to obtain a feature matrix for each software classification. Using the PCA algorithm reduces training complexity and, because dimensionality reduction retains the features that carry the most software-category information, speeds up training and recognition. Unlike traditional methods that use fixed features, the method uses session content as the training content and can complete feature acquisition, training and recognition automatically.
The IP session traffic comprises IP sessions including DNS, HTTP and HTTPS protocols.
The application layer load byte data is not less than 128 bytes, and if the application layer load byte data is less than 128 bytes, the application layer load byte data is filled in a 0 complementing mode;
the software classification comprises communication software, transmission software, office software, multimedia software, development software, safety software, mail software, industry software, game software and mobile phone application software.
Further, the test library generation step comprises the processes of mirror image flow extraction and analysis, source IP data extraction and test set generation;
the mirror image flow extraction and analysis means that the asset flow data in the network is subjected to mirror image acquisition, then the acquired mirror image flow is analyzed, the source IP in the DNS protocol of the mirror image flow is extracted, and the source IP and the IP session thereof which accord with software classification are screened out;
the source IP data extraction refers to extracting an IP session in the source IP;
the test set generation refers to extracting a load group of application layer load byte data of each IP session in the source IP to generate a test set;
the source IP and the IP session thereof conforming to the classification for software satisfy: the A and/or AAA command request session of DNS in DNS protocol flow comprises the domain name related to the software, or the CNAME request of DNS comprises the domain name related to the software, or the A and/or AAA command response session of DNS comprises the IP related to the software.
The IP session comprises application protocol session traffic spontaneously generated by software over HTTP and HTTPS; the spontaneous software behaviors include, by default, visiting the official website, updating, reporting error logs, reporting statistics logs, operation backup and uploading configuration. Most of these operations are carried out over HTTP or HTTPS.
The application layer payload byte data is not less than 128 bytes, and if the application layer payload byte data is less than 128 bytes, it is padded with 0s.
Compared with the prior art, the technical scheme of the invention analyzes the domain names and IP requests in each asset's payload traffic, collected by mirroring at the aggregation and core switches, derives a distinctive behavioral time-series feature, and finally identifies the name of the local software generating network behavior on each asset in real-time traffic, using real-time and offline DNS data and the behavioral features of a large amount of local software. By constructing session features related to the software, the invention thus discovers the software classifications that may be present in the mirrored traffic and helps the user learn which types of software are deployed on each asset.
Drawings
The foregoing and following detailed description of the invention will be apparent when read in conjunction with the following drawings, in which:
FIG. 1 is a logical schematic of a basic scheme of the present invention.
Detailed Description
The technical solutions for achieving the objects of the present invention are further illustrated by the following specific examples, and it should be noted that the technical solutions claimed in the present invention include, but are not limited to, the following examples.
Example 1
As a most basic implementation scheme of the present invention, as shown in fig. 1, the software image flow identification and classification method based on the PCA algorithm disclosed in this embodiment includes a model library generation step, a test library generation step, and a classification identification step.
In the step of generating the model base, a plurality of installation packages of different types of application software are collected and installed, flow data in the installation process of the application software are collected and analyzed, domain name and IP data are collected, a training set marked with software names and software classifications is correspondingly generated, and then the training set is trained through a PCA algorithm to acquire a feature matrix of each software classification to form a software classification model.
And in the test library generation step, a source IP and an IP session thereof which accord with software classification are screened out by acquiring and analyzing mirror image flow data of each asset in the network, and then a load group of application layer load byte data of the IP session is used as a test set to form the test library.
And the step of classification identification is to compare and identify the test set in the step of generating the test library with the software classification model in the step of generating the model library, and output the class of the software.
The method analyzes the domain names and IP requests in each asset's payload traffic, collected by mirroring at the aggregation and core switches, derives a distinctive behavioral time-series feature, and finally identifies the name of the local software generating network behavior on each asset in real-time traffic, using real-time and offline DNS data and the behavioral features of a large amount of local software. By constructing session features related to the software, the invention thus discovers the software classifications that may be present in the mirrored traffic and helps the user learn which types of software are deployed on each asset.
Example 2
As a preferred implementation scheme of the present invention, on the basis of the foregoing example 1, further, the step of generating the model library includes processes of application software collection, software traffic collection, software-related domain name collection, software-related IP collection, training set generation, and training model generation.
The application software collection is to collect installation packages of a plurality of types of application software including communication software, transmission software, office software and multimedia software through an internet way;
the software traffic collection is to collect the IP session traffic that each application software gathered in the application software collection spontaneously initiates outward during installation, use, update and similar operations, wherein the IP session traffic comprises IP sessions of the DNS, HTTP and HTTPS protocols; the complete application payload of each session is collected, since the client and the server exchange a large amount of host information during the handshake, and encrypted sessions also exchange digital certificates.
The software-related domain name collection is realized by analyzing DNS protocol flow spontaneously formed by each application software and extracting domain names and/or CNAME domain names used for software and software servers in the DNS protocol flow, wherein the domain names are mainly used for realizing information collection such as asset terminal information uploading, synchronization, software updating, user operation collection and the like by software.
The software-related IP collection is to parse the response data of the DNS A command and/or AAA command in the DNS protocol traffic spontaneously generated by each application software and extract the resolved IPs of the software-related domain names, or to obtain the latest resolved IPs of the domain names over the Internet, such as by using *** public DNS.
The training set generation is to collect application layer load byte data of an IP session spontaneously formed by each application software, the application layer load byte data is not less than 128 bytes, if the application layer load byte data is less than 128 bytes, the application layer load byte data is filled in a 0-complementing mode, a software name and a software classification are marked for each application layer load byte, and the load group is used as a training set.
The training model generation step is to take the training set as the training sample and train it with the PCA algorithm to obtain a feature matrix for each software classification. Using the PCA algorithm reduces training complexity and, because dimensionality reduction retains the features that carry the most software-category information, speeds up training and recognition. Unlike traditional methods that use fixed features, the method uses session content as the training content and can complete feature acquisition, training and recognition automatically.
Preferably, the software classification includes communication software, transmission software, office software, multimedia software, development software, security software, mail software, industry software, game software and mobile phone application software.
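One way to realize the training model generation and the classification identification step, as an added example that is not code from the patent. The text does not say how a test payload is compared with the feature matrices, so comparison by smallest reconstruction residual, truncation to 128 bytes, byte scaling, two components per class and the rejection threshold are assumptions, and the payloads and `.example` host names are constructed.

```python
import math
import random

PAYLOAD_LEN = 128  # fixed vector length; the text pads shorter payloads with 0


def pad_payload(payload, length=PAYLOAD_LEN):
    """First `length` payload bytes, zero-padded, scaled to [0, 1].

    Truncating longer payloads is an assumption made here so that every
    session yields a vector of the same dimension.
    """
    head = payload[:length].ljust(length, b"\x00")
    return [b / 255.0 for b in head]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def fit_class(payloads, k=2, iters=100, seed=0):
    """PCA for one software class: returns (mean, principal components)."""
    rows = [pad_payload(p) for p in payloads]
    mean = [sum(col) / len(rows) for col in zip(*rows)]
    centered = [[x - m for x, m in zip(r, mean)] for r in rows]
    rng = random.Random(seed)
    comps = []
    for _ in range(k):
        v = [rng.uniform(-1.0, 1.0) for _ in mean]
        found = False
        for _ in range(iters):
            # Power iteration: w = X^T (X v) is the unscaled covariance times v.
            proj = [dot(r, v) for r in centered]
            w = [sum(p * r[j] for p, r in zip(proj, centered))
                 for j in range(len(mean))]
            for c in comps:  # deflate: stay orthogonal to earlier components
                s = dot(w, c)
                w = [wi - s * ci for wi, ci in zip(w, c)]
            norm = math.sqrt(dot(w, w))
            if norm < 1e-12:  # no variance left in this class
                found = False
                break
            v = [wi / norm for wi in w]
            found = True
        if not found:
            break
        comps.append(v)
    return mean, comps


def train(training_set, k=2):
    """training_set: {software class: [payload bytes, ...]} -> model."""
    return {label: fit_class(p, k) for label, p in training_set.items()}


def residual(x, mean, comps):
    """Squared distance from x to the class's PCA subspace."""
    c = [xi - mi for xi, mi in zip(x, mean)]
    return max(0.0, dot(c, c) - sum(dot(c, u) ** 2 for u in comps))


def classify(model, payload, max_residual=None):
    """Return (class, residual); class is None when no class is close enough."""
    x = pad_payload(payload)
    label, err = min(((lbl, residual(x, m, u)) for lbl, (m, u) in model.items()),
                     key=lambda t: t[1])
    if max_residual is not None and err > max_residual:
        return None, err
    return label, err


# Constructed sample payloads (not captured traffic).
def chat_payload(i):
    return (f"POST /im/v2/sync?seq={i} HTTP/1.1\r\nHost: msg.chat.example\r\n"
            f"User-Agent: ChatClient/3.{i % 3}\r\n"
            "Content-Type: application/octet-stream\r\n\r\n").encode()


def office_payload(i):
    return (f"GET /office/update/manifest.xml?build=100{i} HTTP/1.1\r\n"
            "Host: update.office.example\r\n"
            f"User-Agent: OfficeUpdater/16.{i % 3}\r\nAccept: */*\r\n\r\n").encode()


TRAINING_SET = {
    "communication software": [chat_payload(i) for i in range(6)],
    "office software": [office_payload(i) for i in range(6)],
}

if __name__ == "__main__":
    model = train(TRAINING_SET)
    for sample in (chat_payload(9), office_payload(9), b"\xff" * 40):
        print(classify(model, sample, max_residual=0.5))
```

Without `max_residual`, every payload is assigned to the nearest trained class, so traffic from software outside the training set is mislabelled rather than reported as unknown.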
Further, the test library generation step comprises the processes of mirror flow extraction and analysis, source IP data extraction and test set generation.
The mirror image flow extraction and analysis means that the asset flow data in the network is subjected to mirror image acquisition, then the acquired mirror image flow is analyzed, the source IP in the DNS protocol of the mirror image flow is extracted, and the source IP and the IP session thereof which accord with software classification are screened out; the source IP data extraction is to extract IP sessions in the source IP, the test set generation is to extract a load group of application layer load byte data of each IP session in the source IP and generate a test set, the application layer load byte data is not less than 128 bytes, and if the application layer load byte data is less than 128 bytes, the test set is filled in a 0-complementing mode;
and the source IP and its IP session conforming to the classification for software should satisfy at least any one of:
1. a and/or AAA command request session of DNS in DNS protocol flow comprises domain name related to the software;
2. the CNAME request of the DNS comprises a domain name related to the software;
3. the A and/or AAA command response session of the DNS contains the software-related IP.
The IP session comprises application protocol session traffic spontaneously generated by software over HTTP and HTTPS; the spontaneous software behaviors include, by default, visiting the official website, updating, reporting error logs, reporting statistics logs, operation backup and uploading configuration. Most of these operations are carried out over HTTP or HTTPS.
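The test library generation step with screening conditions 1 to 3 above, as an added example that is not code from the patent. It assumes the DNS traffic has already been parsed into events, reads "A and/or AAA" as DNS address queries of type A and AAAA, matches subdomains on label boundaries, and truncates payloads to 128 bytes; all field names, host names and addresses are constructed.

```python
import ipaddress

PAYLOAD_LEN = 128
ADDR_TYPES = {"A", "AAAA"}        # assumed meaning of the text's "A and/or AAA"
APP_PROTOCOLS = {"HTTP", "HTTPS"}  # sessions that feed the test set


def norm_name(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def domain_matches(qname, software_domains):
    """True for the domain itself or a subdomain, matched on label boundaries."""
    q = norm_name(qname)
    return any(q == d or q.endswith("." + d) for d in software_domains)


def screen_sources(dns_events, software_domains, software_ips):
    """Return {client IP: set of matched conditions} for parsed DNS events."""
    domains = {norm_name(d) for d in software_domains}
    ips = {ipaddress.ip_address(i) for i in software_ips}
    hits = {}
    for ev in dns_events:
        reasons = set()
        if ev["kind"] == "query" and domain_matches(ev["qname"], domains):
            if ev["qtype"] in ADDR_TYPES:
                reasons.add("query-domain")    # condition 1
            elif ev["qtype"] == "CNAME":
                reasons.add("cname-domain")    # condition 2
        elif ev["kind"] == "response" and ev["qtype"] in ADDR_TYPES:
            for rtype, value in ev.get("answers", ()):
                # ip_address() normalises textual forms before comparison
                if rtype in ADDR_TYPES and ipaddress.ip_address(value) in ips:
                    reasons.add("response-ip")  # condition 3
        if reasons:
            hits.setdefault(ev["client"], set()).update(reasons)
    return hits


def build_test_set(sessions, selected):
    """Payload group of the selected sources' HTTP/HTTPS sessions, 128 bytes each."""
    out = []
    for s in sessions:
        if s["src"] in selected and s["proto"] in APP_PROTOCOLS:
            payload = s["payload"][:PAYLOAD_LEN].ljust(PAYLOAD_LEN, b"\x00")
            out.append((s["src"], payload))
    return out


# Constructed model-library data and mirrored-traffic records.
DOMAINS = {"update.office.example", "chat.example"}
IPS = {"203.0.113.10", "2001:db8::10"}
DNS_EVENTS = [
    {"client": "192.0.2.10", "kind": "query", "qtype": "A",
     "qname": "Update.Office.Example."},
    {"client": "192.0.2.11", "kind": "query", "qtype": "CNAME",
     "qname": "cdn.chat.example"},
    {"client": "192.0.2.12", "kind": "response", "qtype": "AAAA",
     "qname": "edge.cdn.example",
     "answers": [("AAAA", "2001:DB8:0:0:0:0:0:10")]},
    # Look-alike names that must not be selected.
    {"client": "192.0.2.13", "kind": "query", "qtype": "A",
     "qname": "update.office.example.lookalike.example"},
    {"client": "192.0.2.14", "kind": "query", "qtype": "A",
     "qname": "notchat.example"},
]
SESSIONS = [
    {"src": "192.0.2.10", "proto": "HTTP",
     "payload": b"GET /office/update/manifest.xml HTTP/1.1\r\n"
                b"Host: update.office.example\r\n\r\n"},
    {"src": "192.0.2.10", "proto": "DNS", "payload": b"\x12\x34\x01\x00"},
    {"src": "192.0.2.12", "proto": "HTTPS",
     "payload": b"\x16\x03\x01" + bytes(197)},
    {"src": "192.0.2.13", "proto": "HTTP", "payload": b"GET / HTTP/1.1\r\n\r\n"},
]

if __name__ == "__main__":
    selected = screen_sources(DNS_EVENTS, DOMAINS, IPS)
    for src, reasons in sorted(selected.items()):
        print(src, sorted(reasons))
    print(len(build_test_set(SESSIONS, selected)), "payloads in test set")
```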

Claims (9)

1. A software image flow identification and classification method based on PCA algorithm is characterized in that: the method comprises a model library generation step, a test library generation step and a classification identification step;
the model base generation step is to collect and install installation packages of a plurality of different types of application software, collect and analyze flow data in the installation process of the application software, collect domain name and IP data, correspondingly generate a training set marked with software names and software classes, and train the training set through a PCA algorithm to acquire a feature matrix of each software class to form a software classification model;
the test library generation step comprises the steps of screening out source IP and IP sessions thereof which accord with software classification by acquiring and analyzing mirror image flow data of each asset in a network, and then forming a test library by taking a load group of application layer load byte data of the IP sessions as a test set;
and the step of classification identification is to compare and identify the test set in the step of generating the test library with the software classification model in the step of generating the model library, and output the class of the software.
2. The software image flow identification and classification method based on the PCA algorithm as claimed in claim 1, wherein: the step of generating the model base comprises the processes of collecting application software, collecting software flow, collecting software-related domain names, collecting software-related IP, generating a training set and generating a training model;
the application software collection is to collect installation packages of a plurality of types of application software including communication software, transmission software, office software and multimedia software through an internet way;
the software flow collection is to collect the spontaneous and outward-initiated IP session flow of each application software collected by the application software in the installation, use and update operation processes;
the software-related domain name collection is to analyze DNS protocol traffic spontaneously formed by each application software and extract domain names and/or CNAME domain names used for software and software servers in the DNS protocol traffic;
the software-related IP collection is to analyze the response data of the A command and/or AAA command of the DNS in the DNS protocol flow spontaneously formed by each application software, extract the analysis IP of the software-related domain name, or acquire the latest domain name analysis IP in an internet mode;
the training set generation is to collect the application layer load byte data of the IP session spontaneously formed by each application software, label the software name and software classification for each application layer load byte, and use the load group as the training set;
and in the training model generation step, the training set is used as a training sample, the training sample is trained by a PCA algorithm, and a feature matrix of each software classification is obtained.
3. The software image flow identification and classification method based on the PCA algorithm as claimed in claim 2, wherein: the IP session traffic comprises IP sessions including DNS, HTTP and HTTPS protocols.
4. The software image flow identification and classification method based on the PCA algorithm as claimed in claim 2 or 3, wherein: the application layer payload byte data is not less than 128 bytes, and if the application layer payload byte data is less than 128 bytes, the application layer payload byte data is filled in a 0 complementing mode.
5. The software image flow identification and classification method based on the PCA algorithm as claimed in claim 2, wherein: the software classification comprises communication software, transmission software, office software, multimedia software, development software, safety software, mail software, industry software, game software and mobile phone application software.
6. The software image flow identification and classification method based on the PCA algorithm as claimed in claim 1, wherein: the test library generating step comprises the processes of mirror image flow extraction and analysis, source IP data extraction and test set generation;
the mirror image flow extraction and analysis means that the asset flow data in the network is subjected to mirror image acquisition, then the acquired mirror image flow is analyzed, the source IP in the DNS protocol of the mirror image flow is extracted, and the source IP and the IP session thereof which accord with software classification are screened out;
the source IP data extraction refers to extracting an IP session in the source IP;
the test set generation refers to extracting a load group of application layer load byte data of each IP session in the source IP to generate a test set.
7. The software image flow identification and classification method based on the PCA algorithm as claimed in claim 6, wherein: the source IP and the IP session thereof conforming to the classification for software satisfy: the A and/or AAA command request session of DNS in DNS protocol flow comprises the domain name related to the software, or the CNAME request of DNS comprises the domain name related to the software, or the A and/or AAA command response session of DNS comprises the IP related to the software.
8. The software image flow identification and classification method based on the PCA algorithm as claimed in claim 6, wherein: the IP session comprises application protocol session traffic spontaneously formed by software of HTTP and HTTPS.
9. The software image flow identification and classification method based on the PCA algorithm as claimed in claim 6, 7 or 8, characterized in that: the application layer payload byte data is not less than 128 bytes, and if the application layer payload byte data is less than 128 bytes, the application layer payload byte data is filled in a 0 complementing mode.
CN201911394923.9A 2019-12-30 2019-12-30 Software mirror image flow identification and classification method based on PCA algorithm Active CN111144504B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911394923.9A CN111144504B (en) 2019-12-30 2019-12-30 Software mirror image flow identification and classification method based on PCA algorithm

Publications (2)

Publication Number Publication Date
CN111144504A true CN111144504A (en) 2020-05-12
CN111144504B CN111144504B (en) 2023-07-28

Family

ID=70521892

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911394923.9A Active CN111144504B (en) 2019-12-30 2019-12-30 Software mirror image flow identification and classification method based on PCA algorithm

Country Status (1)

Country Link
CN (1) CN111144504B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050278703A1 (en) * 2004-06-15 2005-12-15 K5 Systems Inc. Method for using statistical analysis to monitor and analyze performance of new network infrastructure or software applications for deployment thereof
CN101464950A (en) * 2009-01-16 2009-06-24 北京航空航天大学 Video human face identification and retrieval method based on on-line learning and Bayesian inference
US7810151B1 (en) * 2005-01-27 2010-10-05 Juniper Networks, Inc. Automated change detection within a network environment
US20110167495A1 (en) * 2010-01-06 2011-07-07 Antonakakis Emmanouil Method and system for detecting malware
CN105357071A (en) * 2015-11-12 2016-02-24 成都科来软件有限公司 Identification method and identification system for network complex traffic
KR101631694B1 (en) * 2015-08-24 2016-06-21 수원대학교산학협력단 Pedestrian detection method by using the feature of hog-pca and rbfnns pattern classifier
CN106100999A (en) * 2016-08-28 2016-11-09 北京瑞和云图科技有限公司 Image network flow control protocol in a kind of virtualized network environment
EP3200398A1 (en) * 2016-01-29 2017-08-02 Avaya, Inc. Automated mirroring and remote switch port analyzer (rspan)/encapsulated remote switch port analyzer (erspan) functions using fabric attach (fa) signaling
CN108345794A (en) * 2017-12-29 2018-07-31 北京物资学院 The detection method and device of Malware
CN108921170A (en) * 2018-06-21 2018-11-30 武汉科技大学 A kind of effective picture noise detection and denoising method and system
US20190042895A1 (en) * 2016-06-12 2019-02-07 Grg Banking Equipment Co., Ltd. Offline identity authentication method and apparatus
US20190190851A1 (en) * 2017-12-14 2019-06-20 Industrial Technology Research Institute Method and device for monitoring traffic in a network

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050278703A1 (en) * 2004-06-15 2005-12-15 K5 Systems Inc. Method for using statistical analysis to monitor and analyze performance of new network infrastructure or software applications for deployment thereof
US7810151B1 (en) * 2005-01-27 2010-10-05 Juniper Networks, Inc. Automated change detection within a network environment
CN101464950A (en) * 2009-01-16 2009-06-24 北京航空航天大学 Video human face identification and retrieval method based on on-line learning and Bayesian inference
US20110167495A1 (en) * 2010-01-06 2011-07-07 Antonakakis Emmanouil Method and system for detecting malware
KR101631694B1 (en) * 2015-08-24 2016-06-21 수원대학교산학협력단 Pedestrian detection method by using the feature of hog-pca and rbfnns pattern classifier
CN105357071A (en) * 2015-11-12 2016-02-24 成都科来软件有限公司 Identification method and identification system for network complex traffic
EP3200398A1 (en) * 2016-01-29 2017-08-02 Avaya, Inc. Automated mirroring and remote switch port analyzer (rspan)/encapsulated remote switch port analyzer (erspan) functions using fabric attach (fa) signaling
US20190042895A1 (en) * 2016-06-12 2019-02-07 Grg Banking Equipment Co., Ltd. Offline identity authentication method and apparatus
CN106100999A (en) * 2016-08-28 2016-11-09 北京瑞和云图科技有限公司 Image network flow control protocol in a kind of virtualized network environment
US20190190851A1 (en) * 2017-12-14 2019-06-20 Industrial Technology Research Institute Method and device for monitoring traffic in a network
CN108345794A (en) * 2017-12-29 2018-07-31 北京物资学院 The detection method and device of Malware
CN108921170A (en) * 2018-06-21 2018-11-30 武汉科技大学 A kind of effective picture noise detection and denoising method and system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
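孙小琪; 高文曦; 镇丽华: "Two-step face recognition algorithm using SVD-based facial symmetry" *
郑淋; 叶猛: "P2P traffic detection model based on multi-scale analysis and decision tree" *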

Also Published As

Publication number Publication date
CN111144504B (en) 2023-07-28

Similar Documents

Publication Publication Date Title
CN109726744B (en) Network traffic classification method
CN110380989B (en) Internet of things equipment identification method based on two-stage and multi-classification network traffic fingerprint features
CN108418727B (en) Method and system for detecting network equipment
CN112019449B (en) Traffic identification packet capturing method and device
CN114826671B (en) Network asset identification method and device based on hierarchical matching of fingerprints
CN111147394A (en) Multi-stage classification detection method for remote desktop protocol traffic behavior
CN112333706A (en) Internet of things equipment anomaly detection method and device, computing equipment and storage medium
CN112769623A (en) Internet of things equipment identification method under edge environment
CN103490979B (en) electronic mail identification method and system
CN110971601A (en) Efficient network message transmission layer multi-level feature extraction method and system
CN111654486A (en) Server equipment judgment and identification method
CN114611576A (en) Accurate identification technology for terminal equipment in power grid
CN113438332B (en) DoH service identification method and device
CN113746804A (en) DNS hidden channel detection method, device, equipment and storage medium
CN116662184B (en) Industrial control protocol fuzzy test case screening method and system based on Bert
CN111144504A (en) Software image flow identification and classification method based on PCA algorithm
CN110661795A (en) Vector-level threat information automatic production and distribution system and method
CN110417786B (en) P2P flow fine-grained identification method based on depth features
CN110266562B (en) Method for automatically detecting identity authentication function of network application system
CN107592214B (en) Method for identifying login user name of internet application system
CN111625807A (en) Equipment type identification method and device
KR100621996B1 (en) Method and system of analyzing internet service traffic
CN109412898A (en) Characteristic library generating method and device and corresponding flow method for sorting and device
CN114827085B (en) Root server correctness monitoring method, device, equipment and storage medium
CN113032089B (en) Distributed simulation service construction method based on API gateway

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210618

Address after: 41401-41406, 14th floor, unit 1, building 4, No. 966, north section of Tianfu Avenue, Chengdu hi tech Zone, China (Sichuan) pilot Free Trade Zone, Chengdu, Sichuan 610093

Applicant after: Chengdu Kelai Network Technology Co.,Ltd.

Address before: 13 / F and 14 / F, unit 1, building 4, No. 966, north section of Tianfu Avenue, Chengdu high tech Zone, China (Sichuan) pilot Free Trade Zone, Wuhou District, Chengdu, Sichuan 610000

Applicant before: COLASOFT Co.,Ltd.

CB02 Change of applicant information

Address after: 610000 12th, 13th and 14th floors, unit 1, building 4, No. 966, north section of Tianfu Avenue, Chengdu hi tech Zone, China (Sichuan) pilot Free Trade Zone, Chengdu, Sichuan

Applicant after: Kelai Network Technology Co.,Ltd.

Address before: 41401-41406, 14th floor, unit 1, building 4, No. 966, north section of Tianfu Avenue, Chengdu hi tech Zone, China (Sichuan) pilot Free Trade Zone, Chengdu, Sichuan 610093

Applicant before: Chengdu Kelai Network Technology Co.,Ltd.

GR01 Patent grant