基于卷积神经网络的HTTP隧道检测  

Detection of HTTP tunnel based on convolutional neural network

在线阅读下载全文

作  者:宋松山 黄文培[1] 李颖颖 杜圳 SONG Song-shan;HUANG Wen-pei;LI Ying-ying;DU Zhen(School of Information Science and Technology,Southwest Jiaotong University,Chengdu 611756,China;School of Computer and Artificial Intelligence,Southwest Jiaotong University,Chengdu 611756,China)

机构地区:[1]西南交通大学信息科学与技术学院,成都611756 [2]西南交通大学计算机与人工智能学院,成都611756

出  处:《信息技术》2024年第7期160-166,共7页Information Technology

摘  要:超文本传输协议(Hyper Text Transfer Protocol,HTTP)隧道具有穿越防火墙和规避入侵检测系统识别的能力,给信息安全带来严重威胁。然而现阶段的HTTP隧道检测方法识别能力不足、难以应对特征复杂的HTTP隧道。文中分析了HTTP隧道数据包与正常HTTP数据包之间的差别,针对目前HTTP隧道检测方法存在的不足,提出了一种仅需提取小部分流量数据的基于卷积神经网络的HTTP隧道检测方法。实验结果表明,基于卷积神经网络的HTTP隧道检测方法能有效识别网络中的HTTP隧道流量,检测精确率、召回率、F1分数均达到99%以上,且不需要人工选择大量的专家特征,对网络流量监管有重要意义。HTTP(Hyper Text Transfer Protocol)tunnel owns the ability to pass through the firewall and avoid the identification of intrusion detection system,which brings serious threats to information security.However,the current HTTP tunnel detection methods have insufficient identification ability and are difficult to deal with the complex characteristics.The differences between HTTP tunnel packets and normal HTTP packets are analyzed.To solve the shortcomings of current HTTP tunnel detection methods,a HTTP tunnel detection method based on convolutional neural network which only needs to extract a small part of data is proposed.The experiment results show that the HTTP tunnel detection method based on convolutional neural network can effectively identify the HTTP tunnel traffic in the network,and the detection accuracy rate,recall rate and F1 score can reach more than 99%.Besides,it does not need to manually select a large number of expert features,which is of great significance for the network traffic supervision.

关 键 词:超文本传输协议 网络隧道 入侵检测 信息安全 卷积神经网络 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象