Anomaly-based model for detecting HTTP-tunnel traffic using network behavior analysis (cited by: 2)

Abstract: Increasing time spent online has amplified users' exposure to the threat of information leakage. Although existing security systems (such as firewalls and intrusion detection systems) satisfy most of the security requirements of network administrators, they are not suited to detecting the use of the HTTP-tunnel technique to steal users' private information. This paper focuses on a network-behavior-based method to address the limitations of the existing protection systems. It first analyzes the normal network behavior pattern of HTTP traffic and selects four features. It then presents an anomaly-based detection model that applies a hierarchical clustering technique and a scoring mechanism. Real-world data are used to validate that the selected features are useful. The experiments demonstrate that the model achieves over a 93% hit rate with only about a 3% false-positive rate. The authors are confident that the approach is a complementary technique to the existing security systems.
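The abstract names the three stages of the model (behaviour features per HTTP session, hierarchical clustering of a normal profile, a score against that profile) but, on this page, not the four features themselves. The following is an added example that is not the paper's code or data: it implements that pipeline end to end on constructed sessions. Its four features (upload/download byte ratio, regularity of inter-request timing, URI diversity, mean request size), the average-linkage agglomerative clustering, the cluster cut, and the score threshold are all assumptions of this example, chosen to illustrate the shape of the approach rather than to reproduce the paper's results.

```python
"""Toy HTTP-tunnel anomaly detector (added example, not the paper's code).

Shape follows the abstract: per-session behaviour features -> hierarchical
clustering of a normal profile -> distance-based anomaly score.  The four
features, average linkage, the cut and the threshold are assumptions here."""
from statistics import mean, pstdev


def features(session):
    """session: list of (timestamp_s, request_bytes, response_bytes, uri)."""
    ts, req = [r[0] for r in session], [r[1] for r in session]
    resp, uris = [r[2] for r in session], [r[3] for r in session]
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    upload_ratio = sum(req) / max(1, sum(resp))          # f1: bytes up / bytes down (assumed)
    gap_cv = pstdev(gaps) / mean(gaps) if gaps and mean(gaps) > 0 else 0.0  # f2: beacon regularity
    uri_diversity = len(set(uris)) / len(uris)           # f3: distinct URIs per request
    return [upload_ratio, gap_cv, uri_diversity, mean(req)]  # f4: mean request size


def euclid(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5


def hierarchical_clusters(points, cut):
    """Agglomerative average-linkage: merge the closest pair of clusters until
    the closest remaining pair is farther apart than `cut`."""
    clusters = [[p] for p in points]
    while len(clusters) > 1:
        best = None
        for i in range(len(clusters)):
            for j in range(i + 1, len(clusters)):
                d = mean(euclid(a, b) for a in clusters[i] for b in clusters[j])
                if best is None or d < best[0]:
                    best = (d, i, j)
        if best[0] > cut:
            break
        clusters[best[1]].extend(clusters.pop(best[2]))
    return clusters


def fit(normal_sessions, cut=1.5, min_radius=1.0):
    """Normal profile: per-feature z-score parameters and (centroid, radius) per cluster."""
    raw = [features(s) for s in normal_sessions]
    mu = [mean(col) for col in zip(*raw)]
    sigma = [max(pstdev(col), 1e-9) for col in zip(*raw)]
    z = [[(v - m) / s for v, m, s in zip(p, mu, sigma)] for p in raw]
    clusters = []
    for members in hierarchical_clusters(z, cut):
        c = [mean(col) for col in zip(*members)]
        clusters.append((c, max(min_radius, max(euclid(c, p) for p in members))))
    return {"mu": mu, "sigma": sigma, "clusters": clusters}


def score(model, session):
    """Distance to the nearest normal cluster, in units of that cluster's radius."""
    z = [(v - m) / s for v, m, s in zip(features(session), model["mu"], model["sigma"])]
    return min(euclid(z, c) / r for c, r in model["clusters"])


def is_tunnel(model, session, threshold=3.0):
    return score(model, session) > threshold


def evaluate(model, labelled, threshold=3.0):
    """labelled: [(session, is_tunnel_truth)]. Returns (hit_rate, false_positive_rate)."""
    hits = fps = pos = neg = 0
    for s, truth in labelled:
        flag = is_tunnel(model, s, threshold)
        if truth:
            pos, hits = pos + 1, hits + flag
        else:
            neg, fps = neg + 1, fps + flag
    return hits / max(1, pos), fps / max(1, neg)


def make_session(n, gap, jitter, req, resp, distinct_uris):
    """Constructed, deterministic session generator (not real traffic)."""
    out, t = [], 0.0
    for i in range(n):
        t += gap * (1 + jitter * ((i % 3) - 1))   # gaps cycle gap*(1-j), gap, gap*(1+j)
        out.append((t, req + 10 * (i % 4), resp + 100 * (i % 5), f"/p{i % distinct_uris}"))
    return out


# Constructed normal browsing profile: small requests, large responses,
# irregular timing, many distinct URIs.
NORMAL = [make_session(12, *p) for p in [
    (4, 0.5, 400, 30000, 12), (6, 0.7, 600, 50000, 9), (9, 0.9, 800, 20000, 6),
    (5, 0.7, 500, 40000, 12), (7, 0.9, 700, 25000, 9), (3, 0.5, 900, 60000, 6),
    (8, 0.9, 450, 35000, 12), (10, 0.5, 650, 45000, 9), (12, 0.7, 850, 30000, 6)]]
MODEL = fit(NORMAL)

# Held-out constructed sessions: one ordinary browsing session and two
# exfiltration tunnels (large uploads, tiny replies, regular beacon, one URI).
HELD_OUT = [
    (make_session(12, 6, 0.7, 600, 40000, 9), False),
    (make_session(12, 5, 0.0, 6000, 200, 1), True),
    (make_session(12, 30, 0.1, 2000, 300, 2), True),   # slower, chattier variant
]

if __name__ == "__main__":
    for s, truth in HELD_OUT:
        print(f"tunnel={truth!s:5} score={score(MODEL, s):10.2f} flagged={is_tunnel(MODEL, s)}")
    print("hit rate, false-positive rate:", evaluate(MODEL, HELD_OUT))
```

`evaluate` returns the two numbers the abstract reports (hit rate and false-positive rate); on three constructed sessions they are only a sanity check, whereas the paper's 93% / 3% figures come from real-world data. The practical caveat is visible in the feature list: a tunnel that keeps its upload volume low, randomizes its polling interval and spreads requests over many URIs moves toward the normal clusters, so a deployment should treat such a score as one signal to correlate with others (destination reputation, TLS fingerprint, user context) rather than as a verdict on its own.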
Source: High Technology Letters (EI, CAS indexed), 2014, No. 1, pp. 63-69 (7 pages). Chinese title: 高技术通讯(英文版)
Funding: Supported by the National Natural Science Foundation of China (No. 61070185, 61003261) and the Knowledge Innovation Program of the Chinese Academy of Sciences (No. XDA06030200)
Keywords: network security; anomaly detection model; hierarchical clustering; HTTP-tunnel; network behavior analysis; intrusion detection system; detection model; anomaly; security system; tunneling technique
Related literature

References (14; the first 10 are listed)

  • 1. Gupta P, McKeown N. Algorithms for packet classification. IEEE Network, 2001, 15(2): 24-32.
  • 2. Bartal Y, Mayer A J, Nissim K, et al. Firmato: a novel firewall management toolkit. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, USA, 1999. 17-31.
  • 3. Cheng J, Yang H, Wong S H, et al. Design and implementation of cross-domain cooperative firewall. In: Proceedings of the 15th IEEE International Conference on Network Protocols, Beijing, China, 2007. 254-293.
  • 4. Liu A, Chen F. Collaborative enforcement of firewall policies in virtual private network. In: Proceedings of the 27th ACM Symposium on Principles of Distributed Computing, Toronto, Canada, 2008. 95-104.
  • 5. Crotti M, Dusi M, Gringoli F, et al. Detecting HTTP tunnels with statistical mechanisms. In: Proceedings of the 42nd IEEE International Conference on Communications, Glasgow, Scotland, 2007. 6162-6168.
  • 6. Paxson V. Bro: a system for detecting network intruders in real-time. Computer Networks, 1999, 31(23): 2435-2463.
  • 7. Roesch M. Snort: lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration, Washington, USA, 1999. 229-238.
  • 8. Borders K, Prakash A. Web Tap: detecting covert web traffic. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington DC, USA, 2004. 110-120.
  • 9. Borders K, Prakash A. Quantifying information leaks in outbound web traffic. In: Proceedings of the 30th IEEE Symposium on Security and Privacy, Oakland, USA, 2009. 129-140.
  • 10. Rossow C, Dietrich C, Bos H, et al. Sandnet: network traffic analysis of malicious software. In: Proceedings of the 1st Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Salzburg, Austria, 2011. 78-88.

Co-cited references: 17

Citing articles: 2
