HTTP tunnel active detection method, terminal device and storage medium

An active detection technology for the HTTP protocol, applied in the field of computer networks, that reduces workload and produces efficient and accurate detection results.

Inactive Publication Date: 2017-11-24
XIAMEN ANSCEN NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

This method is still effective for some ancient Trojan horse programs, but it is powerless for some well-designed and developed APT attack progr

Examples


Embodiment 1

[0026] As shown in Figure 1, the present invention provides an HTTP tunnel active detection method comprising the following steps:

[0027] S1: Monitor data packets: continuously monitor the port for HTTP data packets connecting to the network; once an HTTP data packet is observed, enter step S2;

[0028] S2: Detect data packets: statically inspect the monitored HTTP data packets to determine whether they conform to the HTTP protocol standard.

[0029] Determining whether they conform to the HTTP protocol standard specifically means: check whether the request command sent by the client to the server conforms to the HTTP protocol standard, and check whether the response information sent by the server to the client conforms to the HTTP protocol standard.

[0030] If yes, enter step S3; if not, enter step S6;

[0031] S3: Traffic comparison of this connection: compare the uplink HTTP traffic and downlink HTTP traffic of this connection to determine whether the...

Embodiment 2

[0049] The present invention also provides an HTTP tunnel active detection terminal device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor. When executing the computer program, the processor implements the steps of the above method embodiments of the present invention, for example the method steps shown in Figure 1.


Abstract

The invention discloses an http tunnel active detection method. The http tunnel active detection method includes the following steps: S1, continuously monitoring an http data packet which is connected to the network through a port until the http data packet can be monitored, and then entering the step S2; S2, performing static detection on the monitored http data packet, determining whether the http data packet accords with the http protocol standard, if so, entering the step S3, and if not, entering the step S6; S3, comparing the uplink flow of the connection and the downlink flow of the connection to determine whether the difference of the flows is greater than the threshold, if so, entering the step S4, and if not, entering the step S5; S4, actively initiating detection of the target server of the data packet of the connection to determine whether the target server matches the fingerprint characteristic of the http server, if so, entering the step S5, and if not, entering the step S6; S5, releasing the data packet of the connection; and S6, intercepting the data packet of the connection, performing early warning, and carrying out log recording.
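The S2 to S6 decision flow from the abstract, sketched as an added example (not code from the patent). The regular expressions standing in for "accords with the http protocol standard", the threshold value, the use of the absolute byte difference, the fingerprint rule and all sample connections are assumptions constructed for illustration; the active probe is injected as a callable so the sketch runs offline.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Simplified stand-ins for "conforms to the http protocol standard" (assumption).
REQ_LINE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n")
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] [1-5]\d{2}( [^\r\n]*)?\r\n")
THRESHOLD = 100_000  # bytes; assumed value, the page does not give one

@dataclass
class Conn:
    server: str
    request: bytes    # first client -> server bytes
    response: bytes   # first server -> client bytes
    up_bytes: int
    down_bytes: int

def looks_like_http_server(reply: bytes) -> bool:
    # S4 fingerprint (assumption): valid status line and a terminated header block.
    return bool(STATUS_LINE.match(reply)) and b"\r\n\r\n" in reply

def classify(conn: Conn, probe: Callable[[str], bytes], log: List[Tuple[str, str]]) -> str:
    # S2: static check of both directions; failure goes straight to S6.
    if not (REQ_LINE.match(conn.request) and STATUS_LINE.match(conn.response)):
        log.append((conn.server, "S2: not HTTP-conformant"))
        return "intercept"
    # S3: difference within the threshold -> S5 (release).
    if abs(conn.up_bytes - conn.down_bytes) <= THRESHOLD:
        return "release"
    # S4: active probe of the target server; match -> S5, mismatch -> S6.
    if looks_like_http_server(probe(conn.server)):
        return "release"
    log.append((conn.server, "S4: server fingerprint mismatch"))
    return "intercept"

# Constructed sample data (documentation address ranges, not real hosts).
OK = b"HTTP/1.1 200 OK\r\nServer: demo\r\n\r\n"
GET = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"
POST = b"POST /u HTTP/1.1\r\nHost: example\r\n\r\n"
PROBE_REPLIES = {"192.0.2.10": OK, "192.0.2.20": OK, "198.51.100.7": b"\x00\x01\x02\x03"}
CONNS = [
    Conn("192.0.2.10", GET, OK, 500, 40_000),            # ordinary page load
    Conn("192.0.2.20", GET, OK, 800, 5_000_000),         # large download, real web server
    Conn("198.51.100.7", POST, OK, 3_000_000, 2_000),    # HTTP-framed, non-HTTP endpoint
    Conn("198.51.100.9", b"\x16\x03\x01\x02\x00", b"", 900, 900),  # not HTTP at all
]

def run_demo():
    log: List[Tuple[str, str]] = []
    verdicts = [classify(c, lambda s: PROBE_REPLIES.get(s, b""), log) for c in CONNS]
    return verdicts, log

if __name__ == "__main__":
    print(run_demo())
```

The large download and the HTTP-framed upload both exceed the threshold at S3; only the active probe at S4 separates them, which is the step the method adds over static inspection alone.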

Description

Technical field

[0001] The invention relates to the technical field of computer networks, in particular to an HTTP tunnel active detection method, a terminal device and a storage medium.

Background technique

[0002] With the development of firewall technology, many traditional bounce-back Trojans cannot connect normally under strict firewall rules. At present, there are two main technologies for Trojans to penetrate firewalls: port multiplexing and HTTP tunneling. The method accounts for the vast majority of common APT attacks, because even a well-guarded intranet generally has HTTP or HTTPS access channels. This Internet access channel is also used as a channel for many Trojan horse programs to connect back. The Trojan horse program will encapsulate the communication protocol it uses in an HTTP tunnel for transmission. Common firewalls can't do anything about this kind of Trojan. This paper describes a new detection technology, which can effectively detect this kind of ma...


Application Information

IPC(8): H04L29/06
CPC: H04L63/0236, H04L63/1416, H04L63/1425, H04L63/145, H04L63/306
Inventor 张婷陈腾跃梁煜麓罗佳吴鸿伟
Owner XIAMEN ANSCEN NETWORK TECH CO LTD