HTTP tunnel detection method and device, electronic equipment and storage medium

A detection method and detection device technology, applied in the fields of neural learning methods, instruments, and biological neural network models, that can solve problems such as a low detection rate.

Pending Publication Date: 2022-03-29
BEIJING TOPSEC NETWORK SECURITY TECH +2

AI Technical Summary

Problems solved by technology

[0004] The purpose of the embodiments of the present application is to provide an HTTP tunnel detection method, device, electronic equipment, and storage medium, which can extract features from HTTP session flow


Embodiment Construction

[0059] The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.

[0060] It should be noted that like numerals and letters denote similar items in the following figures, therefore, once an item is defined in one figure, it does not require further definition and explanation in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second" and the like are only used to distinguish descriptions, and cannot be understood as indicating or implying relative importance.

[0061] Please refer to Figure 1, which is a flow chart of an HTTP tunnel detection method provided by the embodiment of the present application. The existing detection method directly extracts the first few bytes of the session flow, processes them to form a picture, and then performs recognition with a CNN (convolutional neural network). This processi...


Abstract

The embodiment of the invention provides an HTTP (Hypertext Transfer Protocol) tunnel detection method and device, electronic equipment and a storage medium, and relates to the technical field of traffic security detection. The method comprises the following steps: preprocessing a to-be-detected sample to obtain an HTTP session stream; performing feature extraction on the HTTP session stream and generating a grey-scale map; and inputting the grey-scale map into a preset neural network model for detection so as to obtain a probability value that the to-be-detected sample is an HTTP tunnel. Because feature extraction is performed on the HTTP session stream, the extracted features more fully reflect the session stream's characteristics, thereby improving the detection rate and solving the problem of the low detection rate of existing methods.
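As an added illustration (not code from the patent or its applicant), the sketch below contrasts the baseline described in [0061], where the first bytes of the session stream become pixels, with a feature-based grey-scale map as outlined in the abstract. The sample session, the five per-message features and the map sizes are assumptions; the page does not list the features the method extracts.

```python
import math

# Constructed sample session (not real traffic): (direction, payload) pairs.
SESSION = [
    ("c2s", b"POST /api/sync HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 16\r\n\r\n" + bytes(range(200, 216))),
    ("s2c", b"HTTP/1.1 200 OK\r\nContent-Length: 8\r\n\r\n" + bytes(range(8))),
]

def to_gray_map(values, side):
    """Zero-pad or truncate 0..255 values into a side x side pixel matrix."""
    cells = (list(values) + [0] * (side * side))[: side * side]
    return [cells[r * side:(r + 1) * side] for r in range(side)]

def raw_byte_map(session, side=8):
    """Baseline in [0061]: the first bytes of the session stream become pixels."""
    return to_gray_map(b"".join(p for _, p in session), side)

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    probs = [data.count(b) / len(data) for b in set(data)]
    return -sum(p * math.log2(p) for p in probs)

def message_features(payload):
    """Assumed per-message features (not the patent's list), scaled to 0..255."""
    head, _, body = payload.partition(b"\r\n\r\n")
    printable = sum(32 <= b < 127 for b in body)
    return [
        min(len(head), 255),                       # start line + headers size
        min(head.count(b"\r\n"), 255),             # number of header lines
        min(len(body), 255),                       # body size
        int(entropy(body) / 8 * 255),              # body randomness
        int(printable / len(body) * 255) if body else 0,  # text-like share
    ]

def feature_map(session, side=4):
    """Feature-based variant: one pixel per extracted feature value."""
    values = [v for _, p in session for v in message_features(p)]
    return to_gray_map(values, side)

if __name__ == "__main__":
    for row in feature_map(SESSION):
        print(row)
```

In this sample the 8x8 raw-byte map is filled entirely by the request line and headers, while the feature map also carries body size and entropy from both directions of the session.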

Description

Technical field

[0001] The present application relates to the technical field of traffic security detection, in particular, to an HTTP tunnel detection method, device, electronic equipment, and storage medium.

Background

[0002] Traditional Trojans basically communicate through ports higher than 1024. For this type of Trojan, many antivirus products and firewalls only need to enforce strict port restrictions to greatly reduce the Trojans' opportunities. Tunnel technology is built on commonly used ports, and an HTTP tunnel is easy to implement and difficult to detect, which makes HTTP tunnel detection a difficult problem in network security detection.

[0003] Among the existing detection methods for HTTP tunnels, behavior-based detection relies on shallow machine learning, which does not fully characterize the features; deep-learning-based detection performs image conversion directly, there is a lot of interferen...


Application Information

IPC(8): G06K9/62, G06N3/04, G06N3/08
CPC: G06N3/08, G06N3/045, G06F18/214
Inventor: 苏香艳
Owner: BEIJING TOPSEC NETWORK SECURITY TECH