Article Abstract
Li Shicong (李世淙), Yun Xiaochun, Zhang Yongzheng. [J]. High Technology Letters (English edition), 2014, 20(1): 63~69
Anomaly-based model for detecting HTTP-tunnel traffic using network behavior analysis
  
DOI:10.3772/j.issn.1006-6748.2014.01.010
Chinese keywords: 
English keywords: network security, anomaly detection model, hierarchical clustering, HTTP-tunnel
Funding: 
Author Name    Affiliation
Li Shicong (李世淙)  
Yun Xiaochun  
Zhang Yongzheng  
Chinese abstract:
      
English abstract:
      Increasing time spent online has amplified users' exposure to the threat of information leakage. Although existing security systems (such as firewalls and intrusion detection systems) can satisfy most of the security requirements of network administrators, they are not suitable for detecting the use of the HTTP-tunnel technique to steal users' private information. This paper focuses on a network behavior-based method to address the limitations of the existing protection systems. First, it analyzes the normal network behavior pattern over HTTP traffic and selects four features. Then, it presents an anomaly-based detection model that applies a hierarchical clustering technique and a scoring mechanism. It also uses real-world data to validate that the selected features are useful. The experiments demonstrate that the model can achieve a hit rate of over 93% with a false-positive rate of only about 3%. The approach can be confidently regarded as a complementary technique to the existing security systems.