DocumentCode :
3217681
Title :
A method for HTTP-tunnel detection based on statistical features of traffic
Author :
Ding, Yao-jun ; Cai, Wan-dong
Author_Institution :
Dept. of Comput., Northwestern Polytech. Univ., Xi'an, China
fYear :
2011
fDate :
27-29 May 2011
Firstpage :
247
Lastpage :
250
Abstract :
HTTP-tunnel is always used by Trojans and backdoors to avoid detection by firewalls, and it is a threat to network security. HTTP-tunnel traffic is now encrypted, and the only way to detect HTTP-tunnel traffic is based on statistical features of the transport layer. There are a few methods for detecting HTTP-tunnels, and statistical fingerprinting is an effective one. The statistical fingerprinting method is unstable because the features it uses are the packet size and the inter-arrival time, and its accuracy is determined by the volume of the training set. We suggested a method based on the C4.5 algorithm which uses packet and flow features. Compared to the fingerprint algorithm, the C4.5 algorithm had some advantages in stability, accuracy and efficiency in our experiment.
Keywords :
computer network security; cryptography; invasive software; statistical analysis; telecommunication traffic; transport protocols; C4.5 algorithm; HTTP-tunnel detection; HTTP-tunnel traffic; Trojans; backdoors; encrypted now; firewalls detection; inter-arrival time; network security threat; statistical features; statistical fingerprinting; transport layer; Algorithm design and analysis; Classification algorithms; Feature extraction; Fingerprint recognition; Protocols; Testing; Training; C4.5 algorithm; HTTP-Tunnel; Network Security; Statistical Fingerprinting;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
Conference_Location :
Xi'an
Print_ISBN :
978-1-61284-485-5
Type :
conf
DOI :
10.1109/ICCSN.2011.6013585
Filename :
6013585