Title :
Detecting HTTP Tunnels with Statistical Mechanisms
Author :
Crotti, Matteo ; Dusi, Maurizio ; Gringoli, F. ; Salgarelli, L.
Author_Institution :
Univ. degli Studi di Brescia, Brescia
Abstract :
Application level gateways and firewalls are commonly used to enforce security policies at network boundaries, especially in large-sized business networks. However, several mechanisms can be used to circumvent these policies and bypass the whole security infrastructure: for example, tunneling an (otherwise blocked) application layer protocol into another one allowed by the policy, such as HTTP. In this paper we propose the application of a statistically-based traffic classification technique to solve this problem. By the analysis of inter-arrival time, size and order of the packets crossing a gateway, we show that it is possible to detect with high accuracy whether an observed flow is carrying a legitimate HTTP session, or the flow is being used to tunnel another protocol. This paper describes how this technique can be used effectively to enhance application level gateways and firewalls, helping to better apply network security policies.
Keywords :
authorisation; internetworking; telecommunication security; telecommunication traffic; transport protocols; HTTP tunnel; application level gateways; firewalls; interarrival time; network security; statistically-based traffic classification technique; Communication system traffic control; Communications Society; Data security; IP networks; Information security; Network servers; Protocols; Telecommunication traffic; Tunneling; Web server;
Conference_Titel :
Communications, 2007. ICC '07. IEEE International Conference on
Conference_Location :
Glasgow
Print_ISBN :
1-4244-0353-7
DOI :
10.1109/ICC.2007.1020
