A Method for HTTP-Tunnel Detection Based on Statistical Features of Traffic
HTTP tunnels are always used by Trojans and backdoors to avoid detection by firewalls, and they are a threat to network security. HTTP-tunnel traffic is now encrypted, and the only way to detect it is based on statistical features of the transport layer. There are a few methods for detecting HTTP tunnels, and statistical fingerprinting is an effective one. However, statistical fingerprinting is unstable, because the features it uses are packet size and inter-arrival time, and its accuracy is determined by the volume of the training set. We suggest a method based on the C4.5 algorithm that uses features of packets and flows. Compared with the fingerprinting algorithm, the C4.5 algorithm had some advantages in stability, accuracy and efficiency in our experiment.
HTTP-Tunnel; Statistical Fingerprinting; C4.5 algorithm; Network Security
Yao-jun DING; Wan-dong CAI
Department of Computer, Northwestern Polytechnical University, Xian, China
International conference
Xi'an
English
247-250
2011-05-27 (date first posted online on the Wanfang platform; this does not represent the paper's publication date)