Discovering abnormal behaviors via HTTP header fields measurement

Gaopeng Gou; Quan Bai; Gang Xiong; Zhenzhen Li

首页> 外文期刊>Concurrency and Computation >Discovering abnormal behaviors via HTTP header fields measurement

【24h】

Discovering abnormal behaviors via HTTP header fields measurement

机译：通过HTTP标头字段测量发现异常行为

获取原文

获取原文并翻译 | 示例

开具论文收录证明 >>

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

In recent years, more and more intrusion detection systems and firewalls have been used to detect and block malicious applications or unknown protocols in order to enhance the security of systems. Therefore, some malicious applications begin to shape themselves as common ones to escape malicious protocol detection. Being an important protocol for many Internet services, hypertext transfer protocol (HTTP) is responsible for nearly 10% of the traffic volume on the Internet. Therefore, many malicious applications pretend their traffic to be HTTP protocol to go into hiding their malicious behaviors. In the paper, we study the problem of discovering these abnormal behaviors in HTTP protocol traffic. We find that the characteristics of many abnormal behaviors are performed in the header fields of their shaping HTTP such as Tor and malicious web crawlers, and the information of HTTP header fields of HTTP traffic generated by normal application is also discussed. And then, a method based on the measurement of HTTP header fields proposed three patterns that make them specific to detect abnormal behaviors of shaping HTTP protocol. The experimental results indicate that the proposed method is effective for abnormal behaviors by shaping to be HTTP on large-scale traffic of one Internet service provider. The experimental results also show that the proposed method could be extended to large-scale and high-speed network environment for detecting abnormal behaviors of shaping HTTP protocol.

机译：近年来，越来越多的入侵检测系统和防火墙已用于检测和阻止恶意应用程序或未知协议，以增强系统的安全性。因此，一些恶意应用程序开始将自己塑造为常见的应用程序，以逃避恶意协议检测。作为许多Internet服务的重要协议，超文本传输协议（HTTP）负责Internet上近10％的流量。因此，许多恶意应用程序将其流量伪装成HTTP协议，以隐藏其恶意行为。在本文中，我们研究了在HTTP协议流量中发现这些异常行为的问题。我们发现，许多异常行为的特征都在其成形HTTP的头字段（例如Tor和恶意Web爬网程序）中执行，并且还讨论了正常应用程序生成的HTTP流量的HTTP头字段的信息。然后，一种基于HTTP标头字段测量的方法提出了三种模式，使它们专用于检测塑造HTTP协议的异常行为。实验结果表明，该方法通过对一个互联网服务提供商的大规模流量进行HTTP整形，从而有效地解决了异常行为。实验结果还表明，该方法可以扩展到大规模，高速的网络环境中，以检测HTTP协议整形的异常行为。

著录项

来源
《Concurrency and Computation》 |2017年第20期|e3926.1-e3926.12|共12页
作者
Gaopeng Gou; Quan Bai; Gang Xiong; Zhenzhen Li;
展开▼
作者单位

Institute of Information Engineering, Chinese Academy of Sciences, Minzhuang Road #89, Haidian, Beijing, China;

Institute of Information Engineering, Chinese Academy of Sciences, Minzhuang Road #89, Haidian, Beijing, China;

Institute of Information Engineering, Chinese Academy of Sciences, Minzhuang Road #89, Haidian, Beijing, China;

Institute of Information Engineering, Chinese Academy of Sciences, Minzhuang Road #89, Haidian, Beijing, China;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
HTTP header fields; measurement; abnormal behaviors; protocol;

机译：HTTP标头字段;测量;异常行为;协议;

相似文献

外文文献
中文文献
专利

1. Along with rewriting URLs, it may be necessary to rewrite HTTP request or response header fields [J] . Linux Journal . 2017,第275期

机译：除了重写URL，可能还需要重写HTTP请求或响应头字段
2. Measurement of prompt D 0 and D ￣ 0 meson azimuthal anisotropy and search for strong electric fields in PbPb collisions at s NN = 5.02 TeV [J] . Physics letters . 2021,第1期

机译：提示d 0 和 d 0 meson方位角各向异性，并在 S nn = 5.02 TEV
3. Upper Critical Field Measurements up to 60 T in Arsenic-Deficient LaO_(0.9)F_(0.1)FeAs_(1-delta): Pauli Limiting Behavior at High Fields vs. Improved Superconductivity at Low Fields [J] . G. Fuchs, S.-L. Drechsler, N. Kozlova, Journal of Low Temperature Physics . 2010,第1a2期

机译：缺砷的LaO_（0.9）F_（0.1）FeAs_（1-δ）中高达60 T的上部临界场测量：高场的Pauli极限行为与低场的改进超导性
4. Network Monitoring Using MMT: An Application Based on the User-Agent Field in HTTP Headers [C] . Vinh Hoa La, Raul Fuentes, Ana R. Cavalli IEEE International Conference on Advanced Information Networking and Applications . 2016

机译：使用MMT进行网络监视：基于HTTP标头中User-Agent字段的应用程序
5. Investigation of Abnormal Behavior of Light Induced Degradation (LID) In Cost-Effective Industrial Aluminum Back Surface Field (AL-BSF) Silicon Solar Cells. [D] . Hsu, Yu-Chen. 2017

机译：在具有成本效益的工业铝背面电场（AL-BSF）硅太阳能电池中研究光诱导降解（LID）的异常行为。
6. Behavioral and Locomotor Measurements Using an Open Field Activity Monitoring System for Skeletal Muscle Diseases [O] . Kathleen S. Tatem, James L. Quinn, Aditi Phadke, 2014

机译：使用开放式活动监测系统对骨骼肌疾病进行行为和运动测量
7. Decision-making is the process of analyzing information about a problem situation and comparing it to a specific conclusion in order to solve a specific problematic (Yıkılmaz, 2001; Miller and Byrnes, 2001). Decision-making styles are a mechanism that is influenced by the internal and external conditions that determine the direction of the decisions of the individual, the content of the decision-making process, and the outcome of the decision-making process (Payne, Bettman and Johson, 1993; Bavol’ár and Orosová, 2015). ACT is a contemporary member of the Cognitive Behavioral Therapy family. ACT (Acceptance and commitment therapy) has both similar and different directions with Behavioral Therapies and Cognitive Therapies (Herbet and Forman, 2011; Hayes, 2004). KKT responds to classical behavioral treatments using both existential and cognitive approaches in the analysis of behavior. KKT is a science wing that tries to solve human problems with a wider perspective aimed at solving problematic human behaviors (Plumb, Stewart, Dahl and Lundgren, 2009). It is seen that there is very little research about the new approach of ACT approach when the aiming country of our country is screened and it is thought that our country will contribute to the field of psychological counseling with the work done. In the scope of the research, experimental and control groups and preliminary test, post-test and follow-up measurements of 2x3 experimental design were used. The study's study group consists of a total of 24 (12 experimental and 12 control groups) university students studying in different departments and levels, continuing their education in the academic year of 2015-2016 in Ağrı province and İbrahim Chechen University in 2015-2016 academic year. The average age of participants in the experiment and control group is 20. There were 12 participants in the experimental group, 7 female and 5 male, and 12 participants, 7 female and 5 male in the control group. Personal Information Form and Decision Making Style Scale prepared by the researcher were used in the research. In order to decide on the tests to be used in the course of analyzing the data, the scores of the participant's Decision Styles Scale pre-test, which are placed primarily in the experimental and control groups, it was analyzed whether the basic expectations of parametric tests were answered. As a result of the analysis made, the scores, skewness and kurtosis coefficients obtained from the Decision Making Styles Scale were given to the experimental and control groups. It was determined that the distribution was normal in the result of Shapiro-Wilk test, in which the skewness and kurtosis coefficients of each sub-scale were ranked between -1 and +1. Participants in the experimental and control groups; homogeneity test results for decision-style pre-test measurements indicate that the data are homogeneous. According to the results of the Mauchly Globalness Test, it has been determined that working supports the hypothesis. It was determined that there was no significant difference between the pre-test scores obtained from dependent decision-making style of experiment and control groups, but the test group showed lower mean scores at the significant level within the scores of post-test and follow-up tests. Therefore, it can be said that the ACT-oriented psychoeducation program applied to the experimental group reduces the dependent decision-making style scores from the decision style sub-dimensions and the psychoeducation program has a lasting effect. It was determined that there was no significant difference between pre-test, post-test and follow-up scores obtained from the Spontaneous-Instant Decision Style of experiment and control groups. Thus, it can be said that this situation does not cause a significant difference in the Spontaneous-Decision-Making Style scores from the decision style sub-dimensions of the ACT-oriented psychoeducation program applied to the experimental group. The ACT -oriented psychoeducation program had a decline in the intuitive decision-making styles of the individuals, but this decrease did not create significant differences. Thus, it can be said that this situation does not make a meaningful difference in the intuitive decision style scores from the decision style sub-dimensions of the KKT oriented psychoeducation program applied to the experimental group. The pre-test scores obtained from the rational decision-making style of the experimental and control groups showed that there was a difference between the post-test and the follow-up scores, but this difference was not significant. As a result of the analysis, it was determined that the test group had higher levels of rational decision style than the pre - test scores in the post test and follow - up scores, whereas the post test and follow - up test scores in the control group rational decision style showed a decrease compared to the pre - test scores. the pre - test scores. Decision-making Styles Scale Avoidant Decision Making As a result of the analysis of the mean scores of the subscale scores of pre-test, post-test and follow-up measures, the group effect was found to be insignificant. It was determined that the experimental and control groups differed significantly from the pre-test scores obtained from the avoidant decision-making style but did not show any significant change within the scores of the post-test and follow-up tests. [O] . mustafa ercengiz, ali haydar şar 2018

机译：决策是分析有关问题情况的信息并将其与特定结论进行比较的过程，以解决特定的问题（Yıkılmaz，2001; Miller和Byrnes，2001）。决策风格是一种机制，受到内部和外部条件的影响，确定个人决定的方向，决策过程的内容以及决策过程的结果（PAYNE，BETTMAN和BEDNE） Johson，1993;Bavol'ár和奥萨洛瓦，2015）。法案是认知行为治疗家庭的当代成员。行为（验收和承诺治疗）具有与行为疗法和认知疗法的类似和不同方向（Herbet和Forman，2011; Hayes，2004）。 KKT在分析行为中使用存在性和认知方法来响应古典行为治疗方法。 KKT是一个科学翼，试图解决人类问题，旨在解决有问题的人类行为（铅垂，斯图尔特，Dahl和Lundgren，2009）。有人认为，当我们国家的瞄准国家进行筛选时，有关行动方法的新方法几乎没有研究，并且认为我们的国家将为完成工作做出贡献的心理咨询领域。在研究的范围内，使用实验和对照组和初步测试，使用后测试和后续测量的2x3实验设计。该研究的研究小组包括共24名（12个实验和12个对照组）大学学生在不同的部门和水平上学习，在2015-2016学术上继续进行2015-2016的学术年度2015-2016学年年。实验和对照组参与者的平均年龄是20.实验组中有12名参与者，7名女性和5名男性，12名参与者，7名女性和5名男性。研究人员准备的个人信息表格和决策制定风格规模在研究中使用。为了决定在分析数据的过程中使用的测试，参与者的决策风格刻度预测的分数主要在实验和对照组中进行，分析了参数的基本期望吗？测试得到了回答。由于对实验和对照组给出了从决策曲调标度获得的分数，偏移和峰度分子系数。确定该分布是正常的在成熟的-WILK试验结果中，其中每亚级的偏差和刚度系数在-1到+1之间排名。实验和对照组的参与者;决策式预测测量的同质性测试结果表明数据是均匀的。根据毛毛环保试验的结果，已确定工作支持假设。据确定，从依赖决策风格的实验和对照组获得的预测分数之间没有显着差异，但测试组在测试后的分数内显示出较低的平均分数和后续的分数 - 测试。因此，可以说，应用于实验组的面向活动的心理教育程序减少了决策风格子维度的依赖决策风格分数，并且心理教育程序具有持久的效果。据确定，从实验和对照组自发决策风格获得的预测试，测试后和后续评分之间没有显着差异。因此，可以说这种情况不会导致从应用于实验组的活动导向的心理教育程序的决策风格分数的自发决策风格分数显着差异。行为的心理教育计划在个人直观的决策风格下降，但这种减少并没有产生显着的差异。因此，可以说，这种情况不会在从应用于实验组的KKT导向的心理教育程序的决策风格分数中产生有意义的决策风格分数。从实验和对照组的理性决策风格获得的预测分数显示后检验后和随访评分之间存在差异，但这种差异并不重要。由于分析，确定测试组的理性决策风格较高，而不是后测试和后续分数的预测分数，而对照组合理决策风格的后测试和后续测试分数显示出与预测试分数相比的减少。预测分数。决策款式扩展避免决策由于分析了预测试，测试后和后续措施的班次评分的平均分数，发现群体效应是微不足道的。确定实验和对照组从避免决策风格获得的预测评分中显着不同，但在测试后和后续测试的分数内没有显示出任何重大变化。
8. Small Hydrogen/Oxygen Rocket Flowfield Behavior from Heat Flux Measurements [R] . Reed, B. D. 1993

机译：热通量测量中的小氢/氧气火箭流场特性

Discovering abnormal behaviors via HTTP header fields measurement

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅