Computer Science (计算机科学), 2020, Vol. 47, Issue (3): 287-291. doi: 10.11896/jsjkx.190200332
胡建伟,徐明洋,崔艳鹏
HU Jian-wei,XU Ming-yang,CUI Yan-peng
Abstract: As the attack-defense contest escalates, combining user behavior analysis with network security has come into researchers' view. User behavior analysis can identify untrusted users and contain an intrusion before the attack succeeds, which amounts to proactive defense. At present the data source used for user behavior analysis in Web security is mainly application-layer HTTP data, which is not enough to establish who a user is and therefore tends to produce missed detections. With HTTPS, which offers better security and privacy, now deployed at scale, this paper proposes improved TLS fingerprint data based on n-grams and Simhash; the method raises the fault tolerance of existing TLS (Transport Layer Security) fingerprints, so that small variations in a client's handshake no longer yield an unrelated fingerprint. Applying this fingerprint in user behavior analysis improves the accuracy of user identity determination. In the comparative experiments, a convolutional neural network is used to model fingerprint data and log-type user behavior data collected from a real environment. The results show that the improved TLS fingerprint data identifies users and attackers more effectively, raising accuracy by 4.2%. Further analysis shows that correlating user behavior through the improved TLS fingerprint and tracing back along the timeline makes it possible, to a degree, to track an attacker to its source, which provides intelligence context for security incident investigation.
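The fingerprint construction the abstract describes, as an added worked example (this is not the paper's code; the exact-match baseline follows the JA3 scheme of building a string from ClientHello fields and hashing it, while the n-gram order of 1 and 2, the field tagging, the 64-bit Simhash width, the 12-bit "same client" threshold and all ClientHello field values are this example's own assumptions, not figures taken from the paper):

```python
"""Added example, not the paper's code: an exact JA3-style TLS fingerprint beside an
n-gram + Simhash fingerprint built from the same ClientHello fields.
Assumptions of this example (the page does not state the paper's exact choices):
token n-grams with n = 1 and 2, tagged by field; a 64-bit Simhash; a Hamming distance
of at most 12 bits treated as 'same client'. All ClientHello values are constructed."""
import hashlib
from typing import Dict, List, Tuple

ClientHello = Dict[str, List[int]]

# GREASE values (RFC 8701): 0x0a0a, 0x1a1a, ..., 0xfafa. JA3 drops them before it
# builds its string, since browsers randomise them from connection to connection.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}


def _strip_grease(values: List[int]) -> List[int]:
    return [v for v in values if v not in GREASE]


def ja3_string(hello: ClientHello) -> str:
    """JA3 text form: version,ciphers,extensions,curves,point_formats ('-' inside a field)."""
    return ",".join([
        str(hello["version"]),
        "-".join(map(str, _strip_grease(hello["ciphers"]))),
        "-".join(map(str, _strip_grease(hello["extensions"]))),
        "-".join(map(str, _strip_grease(hello["curves"]))),
        "-".join(map(str, hello["point_formats"])),
    ])


def ja3_hash(hello: ClientHello) -> str:
    """Exact fingerprint: MD5 of the JA3 string, as JA3 itself does."""
    return hashlib.md5(ja3_string(hello).encode()).hexdigest()


def features(hello: ClientHello, max_n: int = 2) -> List[str]:
    """Field-tagged token n-grams (n = 1..max_n) over each GREASE-stripped field, so that
    'cipher 4865 followed by 4866' is one feature and list order is preserved."""
    feats = [f"version:{hello['version']}"]
    for field in ("ciphers", "extensions", "curves", "point_formats"):
        toks = _strip_grease(hello[field])
        for n in range(1, max_n + 1):
            for i in range(len(toks) - n + 1):
                feats.append(f"{field}:" + "-".join(map(str, toks[i:i + n])))
    return feats


def simhash(feats: List[str], bits: int = 64) -> int:
    """Charikar's Simhash: per bit position, sum +1/-1 over every feature's hash, keep the sign."""
    acc = [0] * bits
    for f in feats:
        h = int.from_bytes(hashlib.blake2b(f.encode(), digest_size=bits // 8).digest(), "big")
        for b in range(bits):
            acc[b] += 1 if (h >> b) & 1 else -1
    return sum(1 << b for b in range(bits) if acc[b] > 0)


def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


SAME_CLIENT_MAX_DISTANCE = 12  # assumed threshold for this example, not from the paper


def compare(h1: ClientHello, h2: ClientHello) -> Tuple[bool, int, bool]:
    """(exact JA3 hashes equal?, Simhash Hamming distance, fuzzy match under the threshold?)"""
    dist = hamming(simhash(features(h1)), simhash(features(h2)))
    return ja3_hash(h1) == ja3_hash(h2), dist, dist <= SAME_CLIENT_MAX_DISTANCE


# Constructed ClientHello field values (decimal IANA code points), not captured traffic.
BROWSER = {
    "version": 771,  # 0x0303, TLS 1.2 in the legacy_version field
    "ciphers": [4865, 4866, 4867, 49195, 49199, 49196, 49200, 52393, 52392,
                49171, 49172, 156, 157, 47, 53],
    "extensions": [0, 23, 65281, 10, 11, 35, 16, 5, 13, 18, 51, 45, 43, 27, 17513, 21],
    "curves": [29, 23, 24],
    "point_formats": [0],
}
# The same client after a small change: GREASE values present and one extra cipher.
BROWSER_VARIANT = {
    "version": 771,
    "ciphers": [0x0A0A, 4865, 4866, 4867, 49195, 49199, 49196, 49200, 52393, 52392,
                49171, 49172, 49162, 156, 157, 47, 53],
    "extensions": [0x1A1A, 0, 23, 65281, 10, 11, 35, 16, 5, 13, 18, 51, 45, 43, 27, 17513, 21],
    "curves": [0x2A2A, 29, 23, 24],
    "point_formats": [0],
}
# A different TLS stack altogether (OpenSSL-style cipher ordering).
OTHER_STACK = {
    "version": 771,
    "ciphers": [4866, 4867, 4865, 49196, 49200, 159, 52393, 52392, 52394, 49195, 49199,
                158, 49188, 49192, 107, 49187, 49191, 103, 49162, 49172, 57, 49161,
                49171, 51, 157, 156, 61, 60, 53, 47, 255],
    "extensions": [0, 11, 10, 35, 22, 23, 13, 43, 45, 51],
    "curves": [29, 23, 30, 25, 24],
    "point_formats": [0, 1, 2],
}

if __name__ == "__main__":
    for name, other in (("variant", BROWSER_VARIANT), ("other stack", OTHER_STACK)):
        exact, dist, fuzzy = compare(BROWSER, other)
        print(f"{name:12s} exact JA3 match={exact!s:5s} simhash distance={dist:2d} fuzzy match={fuzzy}")
```

The exact hash changes completely as soon as one cipher is added, while the Simhash of the same two handshakes stays within a few bits, and a genuinely different TLS stack lands much further away; that gap is what a distance threshold exploits. In a real pipeline the field lists come from parsing the ClientHello record off the wire, and the threshold has to be tuned on the deployment's own traffic, because clients that share a TLS library will also sit close together, which is why the abstract pairs the fingerprint with behavior data rather than using it alone.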
References
[1] YONG B, LIU X, LIU Y, et al. Web Behavior Detection Based on Deep Neural Network [C] // 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing. IEEE, 2018: 1911-1916.
[2] PENG T, QIU W D, ZHENG H, et al. SQL Injection Behavior Mining Based Deep Learning [C] // Proceedings of 14th International Conference. Nanjing, China, 2018.
[3] ECKERSLEY P. How unique is your web browser? [C] // Proceedings of the 10th International Conference on Privacy Enhancing Technologies. Berlin: Springer, Heidelberg, 2010: 1-18.
[4] NAKIBLY G, SHELEF G, YUDILEVICH S. Hardware fingerprinting using HTML5 [J]. arXiv:1503.01408, 2015.
[5] CAO Y Z, LI S, WIJMANS E. Browser fingerprinting via OS and hardware level features [C] // Proceedings of Network & Distributed System Security Symposium (NDSS). 2017.
[6] GOOGLE. HTTPS encryption on the web [EB/OL]. https://transparencyreport.google.com/https/overview.
[7] W3TECHS. Usage of Default protocol https for websites [EB/OL]. https://w3techs.com/technologies/details/ce-httpsdefault/all/all.
[8] IVAN. Examples of the information collected from SSL handshakes [EB/OL]. http://blog.ivanristic.com/2009/07/examples-of-the-information-collected-from-ssl-handshakes.html.
[9] MAREK. SSL fingerprinting for p0f [EB/OL]. https://idea.popcount.org/2012-06-17-ssl-fingerprinting-for-p0f.
[10] LEE B. Stealthier Attacks & Smarter Defending with TLS Fingerprint [EB/OL]. http://blog.squarelemon.com/tls-fingerprinting.
[11] HUSÁK M, CERMÁK M, JIRSÍK T, et al. HTTPS traffic analysis and client identification using passive SSL/TLS fingerprinting [J]. EURASIP Journal on Information Security, 2016, 2016(1): 6.
[12] ALTHOUSE J. Open Sourcing JA3 [EB/OL]. https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41.
[13] DIERKS T, RESCORLA E. The Transport Layer Security (TLS) Protocol Version 1.2 [OL]. https://datatracker.ietf.org/doc/rfc5246/.
[14] GOOGLE. Applying GREASE to TLS Extensibility, IETF Draft [OL]. https://mailarchive.ietf.org/arch/msg/ietf-announce/15r5EP6SEBb8zA-T5UoeMo5OFyg/.
[15] ZHANG M, XU B Y, BAI S, et al. A Deep Learning Method to Detect Web Attacks Using a Specially Designed CNN [C] // International Conference on Neural Information Processing. Springer, Cham, 2017: 828-836.
[16] SAXE J, BERLIN K. eXpose: A character-level convolutional neural network with embeddings for detecting malicious URLs, file paths and registry keys [J]. arXiv:1702.08568, 2017.
[17] LE H, PHAM Q, SAHOO D, et al. URLNet: Learning a URL Representation with Deep Learning for Malicious URL Detection [J]. arXiv:1802.03162, 2018.
[18] KRIZHEVSKY A, SUTSKEVER I, HINTON G E. ImageNet classification with deep convolutional neural networks [C] // Advances in Neural Information Processing Systems. 2012: 1097-1105.