Computer Science, 2015, Vol. 42, Issue (1): 142-143. doi: 10.11896/j.issn.1002-137X.2015.01.033


Encrypted Session Detection Approach Based on Information Entropy

CHEN Li, ZHANG Li, BAN Xiao-fang and LIANG Jie   

  • Online:2018-11-14 Published:2018-11-14

Abstract: Traditional protocol analysis algorithms detect encrypted network sessions by port. This fails when an encrypted session uses an unknown port or when encrypted traffic appears on a known plaintext port. To address this, we put forward an encrypted session detection approach based on information entropy. It first reorganizes network flows according to port, then calculates the entropy of each packet and a statistical entropy value for the entire session, and finally determines whether that value falls within the confidence interval of a normal distribution, identifying the encrypted session through the uniformity of its character distribution. Experiments show that the approach does not need a fingerprint database and can achieve a higher correct detection rate, with real-time detection and processing.

Key words: Information entropy, Encrypted session, Protocol identification, Normal distribution, Intrusion detection
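
The decision step described in the abstract, as an added example (not the authors' code): per-packet byte entropy, a session-level mean, and a check against a normal confidence interval. The abstract gives no parameters, so the window size, the interval width, the use of the mean as the session statistic, the calibration by simulation, and both sample sessions are assumptions constructed for this illustration.

```python
import hashlib
import math
import random
from collections import Counter
from statistics import mean, stdev

WINDOW = 256  # payload bytes examined per packet (assumed value)
Z = 3.0       # interval half-width in standard errors (assumed value)

def entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def calibrate(window=WINDOW, trials=1000, seed=1):
    """Mean and std of packet entropy for uniformly random payloads.
    Short payloads never reach 8 bits/byte, so the reference is simulated."""
    rng = random.Random(seed)
    samples = [entropy(bytes(rng.getrandbits(8) for _ in range(window)))
               for _ in range(trials)]
    return mean(samples), stdev(samples)

def is_encrypted_session(payloads, mu, sigma, window=WINDOW, z=Z):
    """True if the session's mean packet entropy lies inside the interval
    expected for random data; None if no packet is long enough to measure."""
    values = [entropy(p[:window]) for p in payloads if len(p) >= window]
    if not values:
        return None
    half_width = z * sigma / math.sqrt(len(values))
    return abs(mean(values) - mu) <= half_width

def keystream(label: bytes, size: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(label + i.to_bytes(4, "big")).digest()
              for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

# Constructed sample sessions, eight payloads each.
CIPHER_SESSION = [keystream(b"pkt%d" % i, 300) for i in range(8)]
PLAIN_SESSION = [(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                  b"User-Agent: demo\r\nAccept: text/html\r\n\r\n") * 4
                 for _ in range(8)]

if __name__ == "__main__":
    mu, sigma = calibrate()
    print(f"random reference: mu={mu:.3f} sigma={sigma:.3f}")
    for name, session in (("cipher", CIPHER_SESSION), ("plain", PLAIN_SESSION)):
        print(name, is_encrypted_session(session, mu, sigma))
```

Compressed payloads also have near-uniform byte distributions, so a check of this kind cannot by itself separate compression from encryption.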

