• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>2011 IEEE 3rd International Conference on Communication Software and Networks >A method for HTTP-tunnel detection based on statistical features of traffic
【24h】

A method for HTTP-tunnel detection based on statistical features of traffic

机译:一种基于流量统计特征的HTTP隧道检测方法

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

HTTP-tunnel is always used by Trojans and backdoors to avoid the detection of firewalls, and it is a threat of network security. HTTP-tunnel traffic is encrypted now, and the only way to detect the HTTP-tunnel traffic is based on statistical features of transport layer. There are a few methods in detection of HTTP-tunnel, and the statistical fingerprinting is an effective method. The method of statistical fingerprinting is instability because the features which the method using is the packet size and the inter-arrival time, and its accuracy is determined by the volume of training set. We suggested a method based on C4.5 algorithm which using the features of packet and flow. Comparing to the algorithm of fingerprint, the C4.5 algorithm had some advantages in stability, accuracy and efficiency in our experiment.
机译:木马和后门始终使用HTTP隧道来避免检测防火墙,这是对网络安全的威胁。 HTTP隧道流量现已加密,检测HTTP隧道流量的唯一方法是基于传输层的统计功能。 HTTP隧道的检测方法有几种,统计指纹是一种有效的方法。统计指纹识别方法是不稳定的,因为该方法使用的特征是数据包大小和到达间隔时间,其准确性取决于训练集的数量。我们提出了一种基于C4.5算法的方法,该方法利用了数据包和流的特征。与指纹算法相比,C4.5算法在实验中具有稳定性,准确性和效率方面的优势。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号