Zhenhui Han scite author profile

Zhenhui Han

4Publications

24Citation Statements Received

46Citation Statements Given

How they've been cited

How they cite others

125

Affiliations

Sichuan University

Publications

Order By: Most citations

Flow Context and Host Behavior Based Shadowsocks’s Traffic Identification

et al. 2019

View full text Add to dashboard Cite

Cloud Virtual Private Server (VPS) services provide the chance of rapid deployment of anonymous proxy services, becoming an important part of many anonymous proxy solutions. The anonymous system represented by ShadowSocks (SS), through proxy services deployed on VPSs provided by different cloud service providers, has become an important mean for illegal network activists to engage in illegal network activities such as cyber-attacks and darknet transactions. It is difficult for local network administrators to supervise SS traffic from the cloud. While from the local network, the task faces the challenges of Invisible Negotiation Process and Data Transparent Transmission. In this paper, we present a novel SS detection method based on flow context and host behavior. The method can not only accurately identify SS flows, but also be applicable to a large-scale network environment. In this method, we extract 12-dimensional features from three aspects: the relationship between flows, hosts' flow behavior, and hosts' DNS behavior to build the detection model. Among them, the four features about flow burst and the feature of unassociated domain names' number are innovatively proposed in this paper. Moreover, the big data statistical and association techniques are used in the method. To verify the effectiveness of the method, we first built a real SS running environment based on the campus network and two VPSs on two different public cloud platforms. Moreover, we conduct a series of experiments on the NTCI-BDP data platform which is a big data platform built by our team. The experimental results show that our method achieves 93.43% accuracy on experimental data sets and can effectively identify SS traffic.INDEX TERMS Big Data association, cloud-based anonymous proxy, flow burst, flow context, host behavior, traffic identification, shadowsocks.

show abstract

Review on the application of deep learning in network attack detection

Chen

Ge³

et al. 2023

Journal of Network and Computer Applications

View full text Add to dashboard Cite

Detecting Proxy User Based on Communication Behavior Portrait

Han

Chen

Zeng

et al. 2019

View full text Add to dashboard Cite

Proxies can help users to bypass the network filtering system, leaving the network open to banned content, and can also enable users to anonymize themselves for terminal security protection. Proxies are widely used in the current network environment. However, certain spy proxies record user information for privacy theft. In addition, attackers can use such technologies to anonymize malicious behaviors and hide identities. Such behaviors have posed serious challenges to the internal defense and security threat assessment of an organization; however, the anonymity of the proxy makes it consistent with normal network communication, and general network traffic identification methods are not able to detect it. To accurately and effectively discover proxy users in the organization based on s, a proxy user detection method based on communication behavior portrait offers the following: (1) analysis of the communication behavior from the perspective of the portrait. Based on not abandoning the effective information of the traffic itself, the label system is established by introducing exogenous data to identify the difference between proxy communication and normal communication. (2) Construction of the portrait feature set of proxy user detection based on the traffic file and external data by studying the differences between the attribute sets of communication behavior labels for proxy users and non-proxy users. (3) Design and implementation a data-driven machine learning method to supply guidance for automatic recognition of such behavior. The experimental results show that, compared with state-of-the-art methods, the detection accuracy for the proxy user exceeds 95%, and that of real network traffic environment exceeds 85%. These results indicate that the detection method proposed in this paper can accurately distinguish proxy communication and normal communication and thus achieves precise proxy user detection.

show abstract

Contrastive Learning Enhanced Intrusion Detection

Yue

Chen

Han

et al. 2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Zhenhui Han

Flow Context and Host Behavior Based Shadowsocks’s Traffic Identification

Review on the application of deep learning in network attack detection

Detecting Proxy User Based on Communication Behavior Portrait

Contrastive Learning Enhanced Intrusion Detection

Contact Info

Product

Resources

About