
Research On Agent Detection Method Based On Back Analysis

Posted on: 2019-02-17
Degree: Master
Type: Thesis
Country: China
Candidate: J W Zan
GTID: 2428330596459024
Subject: Engineering

Abstract/Summary:
With the rapid development of the Internet, information security and network security have become the focus of increasing attention. For governments and enterprises, improving the security of the internal LAN requires strong management of users. However, as new technologies and new services keep appearing, the popularity of multi-functional intelligent mobile devices has left traditional means and methods unable to meet the needs of the new situation. There are more and more ways to use new technologies to counter supervision, such as using proxy software with strongly encrypted traffic, such as 2.6.8, and no obvious traffic characteristics to deliver illegal messages or obtain illegal content, or abusing commercial VPNs such as open source CISCO VPN. This makes it impossible for regulators to distinguish normal business users from abusing users.

At present, some mainstream technologies mainly judge user abuse by deciphering the network traffic for in-depth analysis. Although the recognition accuracy is high, the system construction cost is high and the operating efficiency is low, which is not conducive to large-scale deployment and implementation. Building on a summary of previous technologies, this paper proposes and implements a new method for the above problems that does not pay attention to the traffic itself: common software on the PCs and mobile devices used by actual users detects a change in the network and then automatically reconnects to its server. Traffic five-tuple (quintuple) data is analyzed at the network exit, and the proxy server user and the proxy server address are identified behaviorally using vulnerability scanning technology and application identification technology from network security. Compared with the previous technology, the advantages of this method are obvious: it is efficient and does not care about the traffic itself, that is, it does not pay attention to the specific encryption mode used by the user. As long as the agent (proxy) is used, it can be detected with high probability.

Based on this method, combined with software engineering knowledge, a prototype system was designed and developed. The prototype system is divided into a front-end display module and a data analysis and processing module. The front-end display module uses the B/S architecture, and the user terminal does not need to install any third-party tool; the user only needs to browse the prototype system through the system's own browser. The system adopts an MVC layered design, so subsequent improvements and modifications do not require adjusting the whole system. The data analysis and processing module is based on the Linux system; using the libpcap data acquisition library combined with the Python programming language, it implements high-speed acquisition and analysis of data traffic, target IP port scanning, target IP application identification and other sub-function modules. Finally, experiments show that this method can capture traffic and analyze it efficiently on lower-configuration equipment. The experimental results show that the functional indicators and performance indicators are in line with expectations, which further proves the superiority of this method for agent detection.
Keywords/Search Tags: proxy, port scanning, application identification, backhaul analysis, software engineering