| With the continuous increase of network bandwidth and the rapid development of network technology, the Internet has become the main communication tool and information dissemination platform in the world. In recent years, to secure data in transit, virtual tunnel protocols have been widely adopted by enterprises and individuals because of their inherent encryption and privacy. Common VPN protocols, SSL and even SSH are used as virtual tunnels, and some manufacturers use self-made protocols to ensure data security. However, with the frequent use of tunnel-type protocols, the problems they cause have gradually become prominent. On the one hand, because the content transmitted inside a tunnel cannot be inspected, virtual tunnels are often used for malicious network attacks and illegal information dissemination, which seriously affects network security and network supervision. On the other hand, the scale of tunnel-type protocol traffic is increasing, and for operators, quality of service (QoS) for this part of the traffic is a huge challenge. Therefore, it is urgent to study effective methods for discovering and identifying virtual tunnel protocols and for classifying the content transmitted in the tunnel, especially to discover the use of virtual tunnels for malicious attacks on the network, and to provide better traffic management and service management capabilities, so as to ensure the normal operation of compliant applications and avoid the network security problems caused by virtual tunneling protocols. In view of the release characteristics of virtual tunneling protocols, common protocol types and usage methods, this paper designs a complete virtual tunnel protocol detection scheme covering resource acquisition, traffic identification and content analysis to ensure accurate detection of virtual tunnel protocol traffic. On the basis of that accuracy, the content transmitted in the tunnel is further classified, cases in which the virtual tunnel is used for network attack are detected, and normal applications are distinguished from abnormal applications. For virtual tunnel protocol detection, protocol identification features are obtained by format analysis and reverse engineering of common tunnel protocols (such as PPTP, SSL, etc.) and are matched by exact matching or regular-expression matching; less common tunneling protocols (for example SSH, ICMP, etc.) are identified with machine learning methods based on analysis of their statistical behavior features. At the same time, the identified tunnel service resources are verified and managed to facilitate future supervision. For tunnel content detection, this paper proposes a new artificial-immune-based tunnel content detection method, which can distinguish between normal usage traffic and malicious network attack traffic transmitted in the tunnel. This paper designs and implements a complete virtual tunnel protocol detection framework, which can detect and analyze virtual tunnel traffic in a real-time network environment and achieves better detection results. |