Sciweavers

ICC
2007
IEEE

Detecting HTTP Tunnels with Statistical Mechanisms

14 years 5 months ago
Detecting HTTP Tunnels with Statistical Mechanisms
Abstract— Application Level Gateways and firewalls are commonly used to enforce security policies at network boundaries, especially in large-sized business networks. However, several mechanisms can be used to circumvent these policies and bypass the whole security infrastructure: for example, tunneling an (otherwise blocked) application layer protocol into another one allowed by the policy, such as HTTP. In this paper we propose the application of a statistically-based traffic classification technique to solve this problem. By the analysis of inter–arrival time, size and order of the packets crossing a gateway, we show that it is possible to detect with high accuracy whether an observed flow is carrying a legitimate HTTP session, or the flow is being used to tunnel another protocol. This paper describes how this technique can be used effectively to enhance Application Level Gateways and firewalls, helping to better apply network security policies.
Manuel Crotti, Maurizio Dusi, Francesco Gringoli,
Added 02 Jun 2010
Updated 02 Jun 2010
Type Conference
Year 2007
Where ICC
Authors Manuel Crotti, Maurizio Dusi, Francesco Gringoli, Luca Salgarelli
Comments (0)