32 results about "HTTP tunnel" patented technology

A method, system and computer program product detect attempts to send significant amounts of information out via HTTP tunnels to rogue Web servers from within an otherwise firewalled network. A related goal is to help detect spyware programs. Filters, based on the analysis of HTTP traffic over a training period, help detect anomalies in outbound HTTP traffic using metrics such as request regularity, bandwidth usage, inter-request delay time, and transaction size.

Systems, methods, and media for a schema-based portal for assessment and integration of silicon IPs are disclosed. Embodiments may generally include an IP portal system having a portal interface to receive inputs from users and to provide output to users and a database interface to transmit and receive information to and from a silicon IP database and an IP file system. Embodiments of the system may also include a secure access layer (HTTP tunnel, firewall, or proprietary secure access protocol) to securely communicate information and an internal interface protocol and an external interface protocol and the secure access layer. The internal interface protocol may authorize and encrypt communications to an internal user or design system and the external interface protocol may authorize and encrypt communications to an external user or design system. The portal interface may be a Web-based interface and schema-based in some embodiments.

The invention discloses a HTTP (Hyper Text Transport Protocol) tunnel detection method based on decision tree classification algorithm, used for solving the technical problem of poor stability of a conventional tunnel detection method based on the transport layer packet statistic characteristic analysis. In the technical scheme of the invention, an HTTP data stream and a tunnel data stream are used to train a decision tree classification model, with lower requirement on quantity of training sets than a statistic fingerprint method; secondly, compared with the statistic fingerprint method in which only two flow characteristics can be utilized, the decision tree classification method can use more characteristics to train the model, therefore, obtained classification rules are more precise and stable; the process to train the model is relatively simple, does not involve image fingerprint consumes less internal storage; finally, the judgment of the decision tree classification method is made according to attributes on a plurality of branch nodes without depending on one specific critical value, which achieving better stability.

An HTTP tunneling service is described for creating a tunneled path between a client and a server (e.g., over a firewall or other data/protocol filtering device). According to one embodiment of the invention the client sends the server an initial request to open a preliminary socket connection which includes a secure client ID previously assigned to the client. The server opens the preliminary socket connection, generates a random client ID and transmits the random client ID to the client. The preliminary socket connection is then closed. The client then sends a second request to open a second socket connection using both the unique ID and the secure client ID for authentication purposes.

The invention provides a network intrusion detection method and system. The network intrusion detection method comprises the following steps that access data within a preset time period are obtained; access data feature information is extracted from the access data; whether suspicious access exists or not is judged according to the access parameter feature information. According to the network intrusion detection method and system, a remote program adopting the HTTP tunnel penetrating technology can be efficiently detected out, and the system safety can be improved; in addition, the network intrusion detection system does not need to be additionally arranged behind a firewall, and therefore system cost is reduced.

The invention discloses a multistage classification detection method for remote desktop protocol traffic behaviors, and the method comprises the steps: firstly screening out encrypted RDP protocol traffic which comprises the recognition of a TLS protocol, an SSH protocol and HTTP tunnel traffic; then, identifying the encrypted RDP flow according to the message length sequence characteristics of the RDP protocol in the connection establishment stage; and finally, for behaviors contained in the encrypted RDP protocol traffic, extracting features from three levels of traffic length, load randomness and interactivity, and classifying by using a machine learning method to realize identification of internal fine grit of the RDP protocol traffic, i.e., identification of RDP protocol traffic behaviors. On the premise of ensuring privacy, RDP protocol flow identification and classification of specific operation behaviors generated when a user remotely controls a server can be effectively realized through multi-stage classification processing of flow.

Disclosed is a system for accessing data of a cloud database via transparent technology, and the system includes at least one channel server and at least one cloud database end. When a connection notice is outputted from an application end, the user channel unit detects a first server address and a first database address in a HTTP data format, and connects to a corresponding channel server via the HTTP tunnel to send a database request, so that the channel server can convert the first database address in the HTTP data format into a TCP/IP data format and then connect to a corresponding database end. Therefore, the application end can access data from the database behind the firewall via the Internet without modifying any program code.

The invention discloses a data transmission method among client terminals in a restricted network and the client terminals in order to achieve data transmission among different client terminals in the restricted network in which only HTTP transmission is permitted. The data transmission method among the client terminals in the restricted network includes the steps that first connection between a first client terminal and an HTTP tunnel server is established; an acquiring request packet is sent to the HTTP tunnel server through the first connection, and a session key is further acquired; second connection between the first client terminal and the HTTP tunnel server is established; a mailing request packet is sent to the HTTP tunnel server through the second connection, and a session key is carried in a packet header; TCP data from an opposite end client terminal are received through the HTTP tunnel server and a TCP transit server by the aid of the first connection, and TCP data are sent to the opposite end client terminal through the HTTP tunnel server and the TCP transit server by the aid of the second connection.

The invention discloses an http tunnel active detection method. The http tunnel active detection method includes the following steps: S1, continuously monitoring an http data packet which is connected to the network through a port until the http data packet can be monitored, and then entering the step S2; S2, performing static detection on the monitored http data packet, determining whether the http data packet accords with the http protocol standard, if so, entering the step S3, and if not, entering the step S6; S3, comparing the uplink flow of the connection and the downlink flow of the connection to determine whether the difference of the flows is greater than the threshold, if so, entering the step S4, and if not, entering the step S5; S4, actively initiating detection of the target server of the data packet of the connection to determine whether the target server matches the fingerprint characteristic of the http server, if so, entering the step S5, and if not, entering the step S6; S5, releasing the data packet of the connection; and S6, intercepting the data packet of the connection, performing early warning, and carrying out log recording.

Remote viewing software at a display may contain control logic to enable it to manage the connection associated with a session. The connection management process may preferentially elect to establish a socket connection and, if that is unavailable or unreliable, may use HTTP tunneling. The connection management process may also automatically reconnect the display to the session so that the display is not required to manually re-join an ongoing session. The connection management process also manages the termination of the session to ensure that both the server and the client process at the display end the session correctly.

A communication system includes a cloud server, a management server, a gateway-enabled device, and a printing apparatus, and these are connected to each other. The gateway-enabled device includes a mode switch that wakes up the device from power saving mode when a HTTP tunneling request is received from the cloud server via a second requesting portion of the management server, a tunneling portion that accesses the cloud server by HTTP tunneling if the request is received via a first requesting portion of the management server during normal operation mode or that does the same after back to normal operation mode if the request is received via the second requesting portion by a method allowing waking up from power saving mode, a receiver that receives a print job from the cloud server having being accessed by HTTP tunneling, and a transfer portion that transfers the print job to the printing apparatus.

The invention relates to the technical field of HTTP tunnel Trojan horse detection based on communication flow analysis, in particular to an HTTP tunnel Trojan horse detection method based on deep learning. The method comprises the steps: classifying the captured data packets according to a quintuple to form a TCP session linked list; extracting a load byte of each TCP package in the TCP session linked list, and converting the first 1024 bytes into an image as the input of a deep learning model; training a model and detecting suspected Trojan horses. According to the Trojan horse detection method, the deep learning model is established, and the network communication traffic generated by the HTTP tunnel Trojan and the normal application program is learned; the characteristics of the HTTP tunnel Trojan traffic are automatically extracted, and the effective detection of the HTTP tunnel Trojan traffic in the network is realized, so that the HTTP tunnel Trojan traffic hidden in a local areanetwork can be timely detected, and the safety of the local area network is protected.

The present invention relates to a program, an information processing method and apparatus, and a data structure with which connection can be formed reliably between apparatuses having different capabilities. A service that can be provided to another party is represented by five dimensional parameters, namely, Access Method, Link Speed, X scale, Y scale, and Audio Codec. The values of the parameters are all represented by integer values. Access Method is represented by number 1 in the case of RTSP/TCP+RTP/UDP, and by number 2 in the case of HTTP tunnelling. Link Speed is normalized by kbps as a base unit, and X scale and Y scale are normalized by 16 pixels as a base unit. Audio Codec supports predetermined methods represented by numbers 0 to 6. The present invention can be applied to a personal computer.

The embodiment of the invention provides an HTTP (Hyper Text Transport Protocol) tunnel detection method and device, electronic equipment and a storage medium, and relates to the technical field of traffic security detection. The method comprises the following steps: preprocessing a to-be-detected sample to obtain an HTTP session stream; performing feature extraction on the HTTP session stream and generating a grey-scale map; and inputting the grey-scale map into a preset neural network model for detection so as to obtain a probability value that the to-be-detected sample is an HTTP tunnel, performing feature extraction on the HTTP session flow, and enabling the extracted features to more fully reflect session flow features, thereby improving the detection rate and solving the problem of low detection rate of an existing method.

The invention discloses an SDP terminal traffic proxy method and device, equipment and a storage medium. The method comprises the following steps: sending a knock request to an SDP controller through an SDP terminal proxy, receiving a knock result obtained after the SDP controller accesses a target gateway according to the knock request, and then configuring a routing table of a terminal according to the knock result; acquiring an application access request of a user for a target application through a physical network card, and sending the application access request to an HTTP tunnel client according to the routing table, so that a data packet corresponding to the application access request is modified through the HTTP tunnel client, and the modified data packet contains equipment identification information corresponding to a local terminal; and sending the modified data packet to an HTTP tunnel server of the target gateway through the HTTP tunnel client, so that the target gateway performs authority control on the user according to the equipment identification information in the modified data packet. The authentication management and control of the four-layer traffic can be realized.

The invention discloses a network-based data processing method and an electronic device, and the method comprises the steps: intercepting a target data packet, extracting specific first data in the target data packet, and obtaining first type information which is used for representing the type of the target data packet in the first data; obtaining second type information of the current message main body in the target data packet according to the recording content of the first data; and judging whether the intercepted target data packet satisfies a preset release condition according to the first type information and the second type information, and processing the target data packet according to a judgment result. The method is simple in treatment mode and convenient to use. The data packetsent to the target device can be intercepted, whether the data packet meets the preset release condition or not can be accurately judged. In particular, whether the data packet is the data packet constructed based on the HTTP tunnel technology or not can be accurately judged, corresponding processing is carried out, report omission and report error are avoided, and the network security is effectively improved.