HTTP Tunnel Trojan Detection Based on Network Behavior
HTTP tunnel Trojans encapsulate all outgoing traffic into semantically valid HTTP requests that are then sent to the attacker. This paper presents a new method for detecting HTTP tunnel Trojans using network behavior characteristics. The communication process of a tunnel Trojan is divided into two stages. The differences between a normal HTTP session and a Trojan session using HTTP tunneling are described by eight statistical attributes, and statistical analysis together with the C4.5 decision tree classification algorithm is used to classify the two kinds of session. The experimental results show that our method can efficiently detect most known HTTP tunnel Trojans and can find some unknown HTTP tunnel Trojans.
HTTP tunnel; network behavior; Trojan detection; C4.5 decision tree
Haitao Sun, Shengli Liu, Jiayong Chen, Changhe Zhang
Zhengzhou Institute of Information Science and Technology, Zhengzhou, China
International conference
Chengdu
English
1071-1075
2010-12-17 (date first made available online on the Wanfang platform; does not represent the paper's publication date)