超文本传输协议(Hyper Text Transfer Protocol,HTTP)隧道具有穿越防火墙和规避入侵检测系统识别的能力,给信息安全带来严重威胁.然而现阶段的HTTP隧道检测方法识别能力不足、难以应对特征复杂的HTTP隧道.文中分析了 HTTP隧道数据包与正常HTTP数据包之间的差别,针对目前HTTP隧道检测方法存在的不足,提出了一种仅需提取小部分流量数据的基于卷积神经网络的HTTP隧道检测方法.实验结果表明,基于卷积神经网络的HTTP隧道检测方法能有效识别网络中的HTTP隧道流量,检测精确率、召回率、F1分数均达到99%以上,且不需要人工选择大量的专家特征,对网络流量监管有重要意义.
Detection of HTTP tunnel based on convolutional neural network
HTTP(Hyper Text Transfer Protocol)tunnel owns the ability to pass through the firewall and a-void the identification of intrusion detection system,which brings serious threats to information security.However,the current HTTP tunnel detection methods have insufficient identification ability and are difficult to deal with the complex characteristics.The differences between HTTP tunnel packets and normal HTTP packets are analyzed.To solve the shortcomings of current HTTP tunnel detection methods,a HTTP tunnel detection method based on convolutional neural network which only needs to extract a small part of data is proposed.The experiment results show that the HTTP tunnel detection method based on convolutional neu-ral network can effectively identify the HTTP tunnel traffic in the network,and the detection accuracy rate,recall rate and Fl score can reach more than 99%.Besides,it does not need to manually select a large number of expert features,which is of great significance for the network traffic supervision.
Hyper Text Transfer Protocolnetwork tunnelintrusion detectioninformation securityconv-olutional neural network
万方数据
维普
