Site-Independent HTTP Tunneling Detection

Title
Site-Independent HTTP Tunneling Detection
Authors
하등과
Keywords
site-independent HTTP tunneling detection
Issue Date
2011
Publisher
Inha University (인하대학교)
Abstract
Hypertext Transfer Protocol (HTTP) is widely used in nearly every network when people access web pages, so HTTP traffic is usually allowed by local security policies to pass through firewalls and other gateway security devices without examination. However, this characteristic can be used by malicious people. With the help of HTTP tunnel applications, they can transmit data within HTTP in order to circumvent local security policies. It is therefore quite important to distinguish between regular HTTP traffic and tunneled HTTP traffic. We propose a statistical method to detect HTTP tunnels. The proposed method has no location restriction; in other words, it is site independent. Once trained, it can be applied to any other site without further training, which saves training time and makes it convenient to deploy. Moreover, the method can detect HTTP tunnels with high accuracy.
Description
1 Introduction
  1.1 Motivation
  1.2 Contribution
  1.3 Thesis Organization
2 Traffic Classification
  2.1 Demands on Traffic Classification
  2.2 Machine Learning in Traffic Classification
3 HTTP Tunnel
4 HTTP Tunnel Detection Techniques
  4.1 Port Based
  4.2 Payload Based
  4.3 Statistical Based
5 Classification Features Identification
6 Data Collection
7 Classification Methods
  7.1 ZeroR
  7.2 Naive Bayes
  7.3 AdaBoost
  7.4 SVM
  7.5 Classifier Accuracy
8 Training Size Selection
9 Experiment and Results
  9.1 Experimental Process
  9.2 Experimental Results
  9.3 Discussion
10 Conclusion
URI
http://dspace.inha.ac.kr/handle/10505/22696
Appears in Collections:
College of Engineering(공과대학) > Information and Communication Engineering (정보통신공학) > Theses(정보통신공학 석박사 학위논문)