HTTP tunnel detection method based on decision tree classification algorithm

A decision tree classification and detection technology, applied to the field of HTTP tunnel detection, that solves problems such as poor stability and achieves good stability and low memory consumption.

Active Publication Date: 2011-04-27
JIANGSU ZHONGWEI HEAVY IND MACHINERY +1

AI Technical Summary

Problems solved by technology

[0005] To overcome the poor stability of existing tunnel detection methods based on statistical feature analysis of transport-layer data packets, the present invention provides an HTTP tunnel detection method based on a decision tree classification algorithm. A decision tree classification model is trained using HTTP data flows and tunnel data flows, and more features are used to train the model. The training process is relatively simple, does not involve image fingerprints, and consumes less memory. Judgments are made based on the attributes of multiple branch nodes instead of relying on a specific critical value, which can realize effective fusion of packet features and flow features and improve detection stability.


Examples


Embodiment Construction

[0032] 1. Traffic capture.

[0033] Use a traffic acquisition card to capture network traffic at the gateway exit, capturing only uplink traffic whose destination port is 80 and whose transport protocol is TCP. The capture period is one week, and the traffic is saved in the PCAP file format.

[0034] 2. Network stream recombination and statistical feature calculation.

[0035] Use the program provided by the University of Cambridge Computer Laboratory (http://www.cl.cam.ac.uk/research/srg/netos/brasil/) to perform packet analysis, flow assembly, and flow statistical feature calculation on the captured network data flows.

[0036] 3. Data set screening.

[0037] The dataset consists of two parts: normal HTTP data and HTTP tunnel data. To obtain the normal HTTP data flows, first group and count the data flows analyzed in the second step by destination IP, and arrange them in descending order. Then, domain name analysis was performed on the top 30 I...


Abstract

The invention discloses an HTTP (Hypertext Transfer Protocol) tunnel detection method based on a decision tree classification algorithm, used to solve the technical problem of poor stability in conventional tunnel detection methods based on statistical feature analysis of transport-layer packets. In the technical scheme of the invention, an HTTP data stream and a tunnel data stream are used to train a decision tree classification model, which places a lower requirement on the quantity of training data than the statistical fingerprint method. Secondly, whereas the statistical fingerprint method can use only two flow features, the decision tree classification method can use more features to train the model, so the resulting classification rules are more precise and stable. The process of training the model is relatively simple, does not involve image fingerprints, and consumes less memory. Finally, the decision tree classification method makes its judgment according to attributes on a plurality of branch nodes without depending on one specific critical value, which achieves better stability.
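As an added illustration (not code from the patent), the sketch below trains a small Gini-based decision tree on constructed flow records and classifies new flows. The three feature names and every sample value are assumptions, since the page does not list the features used; the point shown is a verdict that depends on attributes at several branch nodes, not on one critical value.

```python
from collections import Counter

# Hypothetical per-flow features: one packet-level, two flow-level.
FEATURES = ["mean_pkt_bytes", "duration_s", "up_down_ratio"]
# Constructed training flows (feature vector, label); not real captures.
TRAIN = [
    ([520, 2.0, 0.08], "http"), ([610, 1.0, 0.05], "http"),
    ([480, 3.5, 1.00], "http"),      # short POST upload
    ([700, 500.0, 0.03], "http"), ([650, 700.0, 0.06], "http"),  # long downloads
    ([590, 4.0, 0.10], "http"),
    ([300, 420.0, 0.90], "tunnel"), ([640, 600.0, 1.10], "tunnel"),
    ([560, 380.0, 0.80], "tunnel"), ([450, 900.0, 1.30], "tunnel"),
]

def gini(rows):
    n = len(rows)
    return 1.0 - sum((c / n) ** 2 for c in Counter(l for _, l in rows).values())

def best_split(rows):
    """Return (weighted_gini, feature_index, threshold) or None."""
    best = None
    for f in range(len(FEATURES)):
        vals = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(vals, vals[1:]):      # midpoints between distinct values
            thr = (lo + hi) / 2
            left = [r for r in rows if r[0][f] <= thr]
            right = [r for r in rows if r[0][f] > thr]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, thr)
    return best

def build(rows, depth=0, max_depth=3):
    labels = Counter(l for _, l in rows)
    split = best_split(rows) if len(labels) > 1 and depth < max_depth else None
    if split is None:
        return labels.most_common(1)[0][0]      # leaf: majority class
    _, f, thr = split
    left = [r for r in rows if r[0][f] <= thr]
    right = [r for r in rows if r[0][f] > thr]
    return (f, thr, build(left, depth + 1, max_depth),
            build(right, depth + 1, max_depth))

def classify(tree, x):
    while isinstance(tree, tuple):              # descend until a leaf label
        f, thr, left, right = tree
        tree = left if x[f] <= thr else right
    return tree

TREE = build(TRAIN)

if __name__ == "__main__":
    print(TREE)
    # Long download: a duration-only threshold would flag it; the tree does not.
    print(classify(TREE, [680, 450.0, 0.04]))
```

On this constructed data no single feature separates the classes, so the tree first splits on the uplink/downlink ratio and then on duration.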

Description

Technical field

[0001] The invention relates to an HTTP tunnel detection method, in particular to an HTTP tunnel detection method based on a decision tree classification algorithm.

Background technique

[0002] The appearance of HTTP tunnels makes it easier for users to use the network and breaks through many network access restrictions. But it also provides hackers with powerful tools to implement network attacks. The currently popular Trojan horse technology basically uses tunneling technology to penetrate the user's security protection facilities in order to steal the user's private information. Therefore, HTTP tunnel detection technology is an important network information security technology. The current HTTP tunnel detection technologies mainly include: signature-based detection, protocol-based detection, and behavior-based detection. With the continuous development of HTTP tunneling technology, existing detection technologies are increasingly unable to meet a...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L29/06
Inventor: 蔡皖东, 丁要军
Owner: JIANGSU ZHONGWEI HEAVY IND MACHINERY