
CN117097628A - Networking communication behavior identification method based on signal physical characteristic parameters

Info

Publication number: CN117097628A
Authority: CN (China)
Prior art keywords: parameters, characteristic, behavior, networking communication, network
Legal status: Granted (current status: Active)
Application number: CN202311351975.4A
Other languages: Chinese (zh)
Other versions: CN117097628B (en)
Inventors: 国辛纯, 程晓静
Current Assignee: CETC 54 Research Institute
Original Assignee: CETC 54 Research Institute
Application filed by: CETC 54 Research Institute
Priority to: CN202311351975.4A
Publication of CN117097628A
Application granted
Publication of CN117097628B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14: Network analysis or design
    • H04L41/142: Network analysis or design using statistical or mathematical methods

Landscapes

  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a networking communication behavior identification method based on signal physical characteristic parameters and belongs to the technical field of wireless network sensing. First, physical-layer characteristic parameters are extracted from the target network signal to be analyzed, key characteristic data reflecting network behavior are extracted from those parameters, and the key characteristic data are expressed as characteristic character strings. Then the network behavior is expressed in regular expression form, the behavior characteristic character sequence of the data to be analyzed is extracted, characteristic sequences of suitable length are intercepted and matched against the network behavior regular expressions, and the network behavior is identified from the matching result. The invention expresses network behavior through the physical parameters and characteristic sequences of the signal, describes the various possible forms of a network behavior with regular expressions, and judges the network behavior by regular expression matching, which greatly simplifies the processing logic for judging network behavior.

Description

Networking communication behavior identification method based on signal physical characteristic parameters
Technical Field
The invention belongs to the technical field of wireless network sensing and investigation analysis, and particularly relates to a networking communication behavior recognition method based on signal physical characteristic parameters.
Background
Network behavior refers to the behavior characteristics that the nodes of a communication network exhibit while conducting networking communications. Network behaviors are classified into different types according to their characteristics, including node networking behaviors, service interaction behaviors, off-network behaviors and the like. Node networking behavior refers to the behavior performed when a node joins an existing network, including but not limited to searching for a master node, synchronization requests, networking notices and the like. Networking behavior refers to the network connection behavior performed before data transmission between nodes, including but not limited to terminal node address notification, response, etc. Service interaction behavior refers to the interaction performed during service communication between network nodes, including but not limited to communication link establishment, link establishment confirmation, service transmission, transmission determination and the like. Node off-network behavior refers to the operations a node performs because it actively leaves the network or needs to leave the network, including but not limited to sending off-network messages to inform other nodes that it is leaving.
The published technical literature includes methods that identify network behavior by analyzing frame feature fields. These methods extract feature fields from the frame structure and determine the network type by associating the feature fields with network behavior features. When the protocol standard is public, such a method identifies network behavior by extracting the special fields in the frame structure, decoding the signal frame data, parsing the specific fields, and applying logical judgment.
This approach has difficulty obtaining a specific meaning when the protocol is unknown, the network data is encrypted, or the frame-specific fields cannot be identified. In addition, when the network behavior is particularly complex and includes multiple possibilities, logical judgment requires a large number of logic operations, and the logic becomes very complex to execute.
A regular expression is a text pattern consisting of two parts: ordinary characters and special characters. A regular expression uses a single string to describe and match a series of strings that follow certain syntactic rules, and is typically used to retrieve or replace text that fits a pattern. It is a logical formula for operating on character strings: a rule string is formed by combining predefined special characters with specific characters, and this rule string expresses a filtering logic for strings. At present, regular expressions are widely applied in natural language processing and text recognition.
Disclosure of Invention
In order to better identify network communication behaviors, the invention provides a networking communication behavior identification method based on signal physical characteristic parameters. The method expresses network behavior through the physical characteristic parameters and characteristic sequences of the signal, describes the various possible forms of a network behavior with regular expressions, and judges the network behavior by regular expression matching, which greatly simplifies the processing logic of network behavior judgment.
The invention adopts the technical scheme that:
a networking communication behavior recognition method based on signal physical characteristic parameters comprises the following steps:
step S1, analyzing each type of networking communication behavior of a target network, and extracting physical characteristic parameters for describing the networking communication behavior;
step S2, processing physical characteristic parameters corresponding to each type of networking communication behavior to form key characteristic data belonging to the type of networking communication behavior;
step S3, expressing the key characteristic data as characteristic character strings, wherein each characteristic character string is used for expressing a specific behavior in a certain networking communication behavior; the characteristic character strings are represented by regular expressions, so that regular expressions belonging to each type of networking communication behavior are obtained;
step S4, when the behavior of the target network is required to be identified, extracting various physical characteristic parameters of the network, and processing to obtain an output characteristic character string sequence; and carrying out segmentation interception on the characteristic character string sequence, matching the segmentation through the regular expression, and identifying the behavior type of the target network according to the matching result.
Further, the physical characteristic parameters extracted in step S1 include bandwidth, level, frequency, time of occurrence, duration of occurrence, burst aggregation, and parameters obtained by transforming these parameters.
Further, the specific manner of step S2 is: the physical characteristic parameters corresponding to each type of networking communication behavior are subjected to importance screening according to the influence degree of the physical characteristic parameters on the networking communication behavior judgment, and important parameters are selected; for non-important parameters, accumulating and combining the non-important parameters into derivative parameters with high influence degree; and taking the important parameters and the derived parameters as key characteristic data of the networking communication behavior.
Further, the specific manner of step S3 is:
according to the parameter characteristics related to each networking communication behavior, the key characteristic data are expressed as characteristic character strings, and the characteristic character strings are the characteristic description of one networking communication behavior;
and carrying out graph feature merging on all feature strings belonging to the same networking communication behavior, and then modeling the merged feature strings in regular expression form, so that each networking communication behavior is expressed as a combination of ordinary strings and special symbols that represents the combined feature strings of that networking communication behavior.
Further, in step S4, extracting the various physical characteristic parameters of the network and processing them to obtain the output characteristic string sequence specifically comprises:
performing importance screening on the physical characteristic parameters corresponding to each type of networking communication behavior of the target network according to their degree of influence on the networking communication behavior judgment, and selecting important parameters; for non-important parameters, accumulating and combining them into derived parameters with a high degree of influence; taking the important parameters and the derived parameters as key characteristic data of the networking communication behavior;
and, according to the parameter characteristics related to each networking communication behavior in the target network, expressing the key characteristic data as the characteristic string sequence to be identified.
Further, in step S4, the feature string sequence is segmented, and the length of each segment is greater than 2 times the maximum feature string length.
Compared with the prior art, the invention has the following advantages:
1. The invention describes the characteristics of the network behavior through the physical characteristic parameters of the signals, and reduces the dependence on the frame characteristic fields.
2. The invention abstracts the network behavior characteristics into the form of characteristic sequence strings and abstracts the network behavior into a characteristic model.
3. According to the method, the behavior characteristic sequence of the network is matched with the regular expression to identify the behavior type, so that the calculation complexity of the algorithm is greatly reduced, the processing logic of the algorithm is simpler, the network behavior identification and judgment complexity is greatly reduced, and the application range is wider.
Drawings
Fig. 1 is a functional block diagram of an embodiment of the present invention.
Detailed Description
A networking communication behavior recognition method based on signal physical characteristic parameters recognizes network behavior using physical characteristic parameters and regular expressions. First, physical-layer characteristic parameters are extracted from the target network signal to be analyzed, key characteristic data reflecting network behavior are extracted from those parameters, and the key characteristic data are expressed as characteristic character strings. Then the network behavior is expressed in regular expression form, the behavior characteristic character sequence of the data to be analyzed is extracted, characteristic sequences of suitable length are intercepted and matched against the network behavior regular expressions, and the network behavior is identified from the matching result.
Referring to fig. 1, the method comprises the following specific steps:
(S1) extracting physical characteristic parameters describing network behavior characteristics from a target network to be analyzed;
(S2) screening physical characteristic parameters of the target network behavior to form key characteristic data reflecting the network behavior characteristics;
(S3) representing key feature data describing network behavior as feature strings, representing a sequence of feature rule strings with regular expressions;
(S4) extracting the behavior characteristic sequence of the network to be identified, intercepting it in segments, comparing the segments with the regular expression feature rule string sequences of the network behaviors, and identifying the network behavior type from the matching result.
In step (S1), physical characteristic parameters describing network behavior are extracted from the target network to be analyzed. In wireless communication, the physical characteristic parameters of a wireless signal are the time-domain, frequency-domain, spatial-domain and similar parameters extracted by detecting and analyzing the wireless signal. They are the characteristic parameters that describe the behavior of the target network most directly, and include multidimensional features such as signal bandwidth, signal level, signal frequency, signal appearance time and duration, and signal orientation parameters. They also include features obtained by processing and transforming these basic features. For example, the detection times of the signals are extracted and processed to form a signal start-time feature sequence; the difference between the start time of the next signal and the end time of the current signal gives the interval between signal bursts; processing and arranging these features over several consecutive signals forms an inter-burst interval sequence; and the start-time sequence together with the inter-burst interval sequence yields the time aggregation feature of a specific signal. Through this processing, multidimensional physical characteristic parameters are obtained that reflect how the behavior of the wireless network changes over time.
In step (S2), the target network behavior features are analyzed and screened to form key characteristic data reflecting the network behavior. The extracted network behavior characteristic parameters are screened for importance according to their degree of influence, taking the characteristics of the wireless network into account. For example, for a fixed-frequency network a single frequency parameter is an important characteristic parameter for identifying the same network, whereas for a frequency hopping communication network frequency set information must be used instead of a single frequency parameter, and the frequency set information used by the bursts is an important physical characteristic parameter for identifying a network. For burst signals of the same network, importance screening follows how critically a feature influences network behavior. For example, in a time-varying communication network the communication behavior changes over time, and the characteristic parameters reflecting it also vary with time and are time-sensitive and time-correlated, so time-sequence characteristic parameters are important features of wireless network behavior. Screening is thus completed by evaluating feature importance, and the screened parameters are analyzed and processed into key characteristic data that influence network behavior.
At the same time, fine-grained features are merged. When describing network behavior, several small features can be combined into a higher-level macroscopic feature, forming key characteristic data for the overall network behavior. For example, for signals that appear in bursts, several small bursts can be aggregated into a signal cluster; describing network behavior by signal cluster is more macroscopic and more direct than describing it by single bursts. Merging fine features in this way fuses and upgrades them into features that describe the state of the network behavior more directly.
Therefore, key feature data describing network behaviors are obtained by analyzing, screening and fusion upgrading the physical feature parameters.
In step (S3), the key feature data describing network behavior are represented as feature strings: all possible feature sequences belonging to the same network behavior are expressed as strings, the features of these strings are merged, and the merged feature rule string sequence is expressed as a regular expression.
The network behavior may be communication interaction, network access, networking, network exit and so on. The key feature data of each network behavior at the physical characteristic parameter level are extracted and expressed as a character string. For example, in a typical system, when a node engages in communication interaction, the communication source node first sends a burst data signal of duration T1 for communication parameter negotiation; after an interval T2, the communication destination node sends a data signal of duration T3 to reply and confirm receipt; after an interval T4, the communication source node sends a burst data signal of duration T5 for service data transmission; and after an interval T6, the communication destination node sends a data signal of duration T7 to reply and confirm. The key feature data describing this network behavior are represented as a feature string, and a typical string in this embodiment is T1T2T3T4T5T6T7.
All possible feature sequences belonging to the same network behavior are expressed as feature strings. Taking communication interaction as an example: in some cases, after the communication source node sends the T1 negotiation signal and, following the interval T2, the communication destination node sends its T3 signal, no further communication interaction takes place, and the typical string for this communication behavior is T1T2T3. In other cases, the communication source node sends a data signal of duration T12, the destination node returns a data signal of duration T32 after waiting T22, and no further interaction takes place, so the typical string is T12T22T32. In this way all possible feature sequences of the same network behavior are represented as feature sequence strings, such as network entry behaviors T1T2T33, T12T22T32, network exit behaviors T1T2, T12T2, and so on.
The key feature data of network behaviors are thus abstracted into character strings, and each communication behavior is described as a set of string sequences covering all possible cases. All feature strings are merged, and the behavior feature sequences are modeled as regular expressions, so that each network behavior is related to all of its feature data strings. Using the rules of regular expressions, the feature pattern sequence of a network behavior is expressed as a combination of ordinary strings and special symbols, that is, as a combined sequence of specific parameters and specific parameter features. The feature string combinations of the same network behavior are expressed as one regular expression: a rule string of character features with specific textual meaning represents the network behavior feature sequence, and a single string describes and matches a series of strings that follow certain syntactic rules.
In step (S4), the behavior feature sequence of the network to be identified is extracted, and the feature sequence to be identified is constructed from the screened and merged key features.
Using the preceding processing flow, the physical characteristic parameters describing the behavior feature sequence of the target network are extracted, including parameters in multiple dimensions such as time, frequency and space. Feature screening, merging, accumulation and similar processing are applied according to the specific features that identify each behavior, the key features are selected to form the key characteristic data of the networking communication behavior, and the key characteristic data are represented as a series of network behavior key feature strings according to the characteristics of the feature parameters. Specifically, the extracted network behavior characteristic parameters are screened for importance according to their degree of influence, taking the characteristics of the wireless network into account. For example, for a fixed-frequency network a single frequency parameter is an important characteristic parameter for identifying the same network, whereas for a frequency hopping communication network frequency set information must be used instead of a single frequency parameter, and the frequency set information used by the bursts is an important physical characteristic parameter for identifying a network. For burst signals of the same network, importance screening follows how critically a feature influences network behavior. For example, in a time-varying communication network the communication behavior changes over time, and the characteristic parameters reflecting it also vary with time and are time-sensitive and time-correlated, so time-sequence characteristic parameters are important features of wireless network behavior. Screening is thus completed by evaluating feature importance, and the screened parameters are analyzed and processed into key characteristic data that influence network behavior.
At the same time, fine-grained features are merged. When describing network behavior, several small features can be combined into a higher-level macroscopic feature, forming key characteristic data for the overall network behavior. For example, for signals that appear in bursts, several small bursts can be aggregated into a signal cluster; describing network behavior by signal cluster is more macroscopic and more direct than describing it by single bursts. Merging fine features in this way fuses and upgrades them into features that describe the state of the network behavior more directly. Therefore, the key feature data generated by analyzing, screening and fusing the physical feature parameters are arranged according to the characteristics of the feature parameters, for example for a time-varying communication network, and represented as the key feature parameter sequence of the target network behavior to be identified: [ … … T1T2T3T4T5T6T7T12T 23T13T 33T42T52T62T7T1T22T32T … … ].
In step (S4), the behavior feature sequence of the network to be identified is extracted and intercepted in segments, and the segment length must be greater than 2 times the maximum feature string length.
The key feature parameter sequence of the target network behavior to be identified grows over time. To identify specific behaviors within it, the sequence must be divided into small data segments that are input to the behavior recognition algorithm model. The segment length must be determined with reference to the string lengths of the specific patterns in the target network's behavior. If a segment is too short, it cannot hold the feature parameter sequence of a specific behavior, and that behavior cannot be identified. If a segment is too long, one segment contains several sequences, which causes complex computation, long result delay and difficulty in distinguishing patterns. The behavior recognition processing for a specific system therefore selects a suitable segment length based on the feature sequence lengths of the target network's specific behaviors: segments 2 times the length of the maximum feature string in the sequence to be recognized are used as input to the behavior recognition algorithm model, which ensures a higher recognition success rate and higher recognition efficiency.
In step (S4), the behavior feature sequence of the network to be identified is extracted, intercepted in segments and matched against the regular expression feature rule string sequences of the network behaviors, and the network behavior type is identified by comparing the matching result with a behavior threshold.
The extracted feature parameter sequence segments to be identified are input to the behavior recognition algorithm model and matched against the regular expression feature rule string sequences of the network behaviors. Using string matching, the strings in each segment are compared one by one with the regular expression feature rule string sequences, taking the meaning of the regular expression special characters into account. The matching algorithm outputs the matched feature sequence strings and the matching success rate, and the behavior corresponding to the feature string with the highest matching success rate can be regarded as the network behavior. A behavior threshold can also be set and compared with the matching success rate: if the matching success rate exceeds the behavior threshold, the network behavior pattern is considered recognized; if it is below the threshold, recognition of the behavior pattern is considered to have failed.
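Steps (S1), (S3) and (S4) as described above, worked through in Python as an added example that is not part of the patent text. The symbol durations, tolerance, behavior names and sample capture are constructed assumptions, and because the description does not define how the matching success rate is computed, the sketch substitutes a longest-match rule for it.

```python
import re

# Constructed symbol tables (assumptions, not values from the patent): nominal
# burst durations and inter-burst gaps in ms, named after the page's T-symbols.
BURST_SYMBOLS = {"T1": 10.0, "T3": 4.0, "T5": 40.0, "T7": 6.0, "T12": 20.0, "T32": 8.0}
GAP_SYMBOLS = {"T2": 2.0, "T4": 3.0, "T6": 5.0, "T22": 12.0}
TOLERANCE_MS = 0.5
UNKNOWN = "X"  # measurement that fits no known symbol, e.g. idle time

# Feature strings quoted from the description; behavior names are assumptions.
FEATURE_STRINGS = {
    "service_interaction": ["T1T2T3T4T5T6T7", "T1T2T3", "T12T22T32"],
    "off_network": ["T1T2", "T12T2"],
}


def quantize(value_ms, table):
    """Map a measured value to the nearest symbol, or UNKNOWN if out of tolerance."""
    symbol = min(table, key=lambda s: abs(table[s] - value_ms))
    return symbol if abs(table[symbol] - value_ms) <= TOLERANCE_MS else UNKNOWN


def symbolize(bursts):
    """Turn (start_ms, duration_ms) bursts into alternating duration/gap symbols.

    The gap is the next burst's start minus the current burst's end (step S1).
    """
    tokens, prev_end = [], None
    for start, duration in sorted(bursts):
        if prev_end is not None:
            tokens.append(quantize(start - prev_end, GAP_SYMBOLS))
        tokens.append(quantize(duration, BURST_SYMBOLS))
        prev_end = start + duration
    return tokens


def split_symbols(feature_string):
    """Split a concatenated feature string such as "T12T22T32" into symbols."""
    return re.findall(r"T\d+", feature_string)


def compile_behavior(feature_strings):
    """Merge one behavior's feature strings into a single regex (step S3).

    Every symbol is followed by a space so "T1 T2 " cannot match inside
    "T1 T22 "; alternatives are ordered longest first.
    """
    variants = sorted((split_symbols(f) for f in feature_strings), key=len, reverse=True)
    return re.compile("|".join(re.escape("".join(s + " " for s in v)) for v in variants))


PATTERNS = {name: compile_behavior(fs) for name, fs in FEATURE_STRINGS.items()}
MAX_LEN = max(len(split_symbols(f)) for fs in FEATURE_STRINGS.values() for f in fs)
WINDOW = 2 * MAX_LEN + 1   # "greater than 2 times" the longest feature string
STEP = WINDOW - MAX_LEN    # overlap: every occurrence lies whole in some window


def identify(tokens):
    """Return [(start_index, behavior, n_symbols)] found in the symbol stream (step S4)."""
    best = {}
    for offset in range(0, len(tokens), STEP):
        text = "".join(t + " " for t in tokens[offset:offset + WINDOW])
        for name, pattern in PATTERNS.items():
            for m in pattern.finditer(text):
                start = offset + text[:m.start()].count(" ")
                length = m.group().count(" ")
                # Longest match at a position wins (assumed tie-break rule).
                if length > best.get(start, (0, None))[0]:
                    best[start] = (length, name)
    results, covered_until = [], 0
    for start in sorted(best):  # drop matches nested inside an earlier one
        length, name = best[start]
        if start >= covered_until:
            results.append((start, name, length))
            covered_until = start + length
    return results


# Constructed capture: a full interaction, a short exchange, then an off-network notice.
SAMPLE_BURSTS = [
    (0.0, 10.2), (12.1, 4.1), (19.3, 39.8), (64.0, 6.0),
    (170.0, 20.0), (202.0, 8.0),
    (400.0, 10.0), (412.0, 1.0),
]

if __name__ == "__main__":
    stream = symbolize(SAMPLE_BURSTS)
    print(" ".join(stream))
    for start, behavior, length in identify(stream):
        print(start, behavior, " ".join(stream[start:start + length]))
```

The off-network string T1T2 is a prefix of the interaction string T1T2T3, so without the longest-match rule and the overlapping windows a truncated segment would be reported as the wrong behavior.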
According to the invention, the behavior pattern abstraction can be carried out on the physical characteristic parameter sequence of the communication network behavior under the wireless state, the physical characteristic parameter sequence of the same behavior is expressed as the regular expression characteristic rule character string, and the network behavior pattern recognition is completed by extracting the network behavior key characteristic data from the target network behavior characteristic parameters to be recognized and matching with the regular expression characteristic rule character string sequence.
The invention uses the pattern recognition matching algorithm based on the physical characteristic parameters and the regular expression, is particularly suitable for recognizing the network behavior under the non-cooperative state or the channel encryption condition, reduces the dependence on protocol analysis through the physical characteristic parameters, and has wider application range. In addition, the processing logic of network behavior judgment can be greatly simplified by the identification method of the regular expression, and the processing efficiency is higher.

Claims (6)

1. The networking communication behavior recognition method based on the signal physical characteristic parameters is characterized by comprising the following steps of:
step S1, analyzing each type of networking communication behavior of a target network, and extracting physical characteristic parameters for describing the networking communication behavior;
step S2, processing physical characteristic parameters corresponding to each type of networking communication behavior to form key characteristic data belonging to the type of networking communication behavior;
step S3, expressing the key characteristic data as characteristic character strings, wherein each characteristic character string is used for expressing a specific behavior in a certain networking communication behavior; the characteristic character strings are represented by regular expressions, so that regular expressions belonging to each type of networking communication behavior are obtained;
step S4, when the behavior of the target network is required to be identified, extracting various physical characteristic parameters of the network, and processing to obtain an output characteristic character string sequence; and carrying out segmentation interception on the characteristic character string sequence, matching the segmentation through the regular expression, and identifying the behavior type of the target network according to the matching result.
2. The method according to claim 1, wherein the physical characteristic parameters extracted in step S1 include bandwidth, level, frequency, time of occurrence, duration of occurrence, burst aggregation, and parameters obtained by transforming these parameters.
3. The networking communication behavior recognition method based on the signal physical characteristic parameters according to claim 1, wherein the specific manner of step S2 is as follows: the physical characteristic parameters corresponding to each type of networking communication behavior are subjected to importance screening according to the influence degree of the physical characteristic parameters on the networking communication behavior judgment, and important parameters are selected; for non-important parameters, accumulating and combining the non-important parameters into derivative parameters with high influence degree; and taking the important parameters and the derived parameters as key characteristic data of the networking communication behavior.
4. The networking communication behavior recognition method based on the signal physical characteristic parameters according to claim 1, wherein the specific manner of step S3 is as follows:
according to the parameter characteristics related to each networking communication behavior, the key characteristic data are expressed as characteristic character strings, and the characteristic character strings are the characteristic description of one networking communication behavior;
and carrying out graph feature merging on all feature strings belonging to the same networking communication behavior, and then modeling the merged feature strings in regular expression form, so that each networking communication behavior is expressed as a combination of a common string and a specific symbol, namely a combination of feature symbol strings representing the same networking communication behavior.
5. The networking communication behavior recognition method based on signal physical characteristic parameters according to claim 1, wherein in step S4 the specific manner of extracting the various physical characteristic parameters of the network and processing them to obtain the output characteristic string sequence is as follows:
the method comprises the steps of carrying out importance screening on physical characteristic parameters corresponding to each type of networking communication behavior of a target network according to the influence degree of the physical characteristic parameters on the networking communication behavior judgment, and selecting important parameters; for non-important parameters, accumulating and combining the non-important parameters into derivative parameters with high influence degree; the important parameters and the derived parameters are used as key characteristic data of the networking communication behavior;
and according to the parameter characteristics related to each networking communication behavior in the target network, the key characteristic data are expressed as the characteristic character string sequence to be identified.
6. The networking communication behavior recognition method based on the signal physical characteristic parameters according to claim 1, wherein in step S4 the characteristic string sequence is intercepted in segments, and the length of each intercepted segment is greater than 2 times the length of the longest characteristic string.
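An added Python sketch of steps S3 and S4 with the segment length of claim 6, not code from the patent. The burst quantisation, the two behavior rules, the overlapping stride and the burst measurements are all constructed assumptions.

```python
import re

# Constructed burst measurements: (duration_ms, bandwidth_khz). Not real captures.
A, B, C, D = (2.0, 25.0), (3.0, 200.0), (12.0, 25.0), (20.0, 200.0)
BURSTS = [D, B, A, B, B, A, D, B, D, B, D, B, C, D, D, D, C, B, D, B]

# Hypothetical quantisation: one symbol per burst from two physical parameters.
SYMBOLS = {(True, True): "a", (True, False): "b",
           (False, True): "c", (False, False): "d"}

def encode(bursts):
    """Turn physical parameters into a characteristic string sequence."""
    return "".join(SYMBOLS[(dur < 5.0, bw < 50.0)] for dur, bw in bursts)

# Hypothetical rule library (step S3): behavior -> (regex, longest string it matches).
RULES = {
    "network_entry": (re.compile(r"ab{1,3}a"), 5),
    "bulk_transfer": (re.compile(r"cd{2,5}c"), 7),
}
MAX_FEATURE = max(length for _, length in RULES.values())
WINDOW = 2 * MAX_FEATURE + 1   # claim 6: segment longer than 2x the longest feature string
STRIDE = WINDOW - MAX_FEATURE  # assumption: overlap so no feature string is cut at a boundary

def identify(sequence):
    """Step S4: intercept the sequence in segments and match each against the rules."""
    hits = set()
    for offset in range(0, len(sequence), STRIDE):
        segment = sequence[offset:offset + WINDOW]
        for name, (pattern, _) in RULES.items():
            for m in pattern.finditer(segment):
                # Absolute positions de-duplicate hits seen in two overlapping segments.
                hits.add((name, offset + m.start(), offset + m.end()))
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    seq = encode(BURSTS)
    print(seq)
    for name, start, end in identify(seq):
        print(f"{name}: symbols {start}..{end - 1} -> {seq[start:end]}")
```

In the constructed sequence the `bulk_transfer` string begins inside the first segment and ends past it, so it is only found in the second, overlapping segment.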
CN202311351975.4A 2023-10-19 2023-10-19 Networking communication behavior identification method based on signal physical characteristic parameters Active CN117097628B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311351975.4A CN117097628B (en) 2023-10-19 2023-10-19 Networking communication behavior identification method based on signal physical characteristic parameters

Publications (2)

Publication Number Publication Date
CN117097628A (en) 2023-11-21
CN117097628B (en) 2023-12-22

Family

ID=88783723

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant