Title of invention |
MALICIOUS ENCRYPTED NETWORK TRAFFIC IDENTIFICATION |
Abstract |
A malicious encrypted traffic detector connected to a computer network, the detector comprising: a Shannon entropy estimator; an entropy comparator; a store storing a reference measure of Shannon entropy of a portion of network traffic of a malicious encrypted network connection, wherein the estimator is adapted to estimate a measure of entropy for a corresponding portion of network traffic communicated over the computer network, and the entropy comparator is adapted to compare the estimated measure of entropy with the reference measure so as to determine if malicious encrypted network traffic is communicated over the network connection. |
Application publication number |
US2016366155(A1) |
Application publication date |
2016.12.15 |
Application number |
US201515120996 |
Application date |
2015.02.17 |
Applicant |
BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY |
Inventors |
EL-MOUSSA Fadi;KALLOS George;AZVINE Ben |
Classification number |
H04L29/06 |
Main classification number |
H04L29/06 |
Agency |
|
Agent |
|
Main claim |
1. A method for identifying malicious encrypted network traffic communicated via a computer network, the method comprising:
evaluating an estimated measure of Shannon entropy for a portion of network traffic over a monitored network connection; and comparing the estimated measure of entropy with a reference measure of Shannon entropy for a corresponding portion of network traffic of a malicious encrypted network connection so as to determine if malicious encrypted network traffic is communicated over the monitored network connection. |
Address |
London GB |