Web tap: detecting covert web traffic

Authors: Kevin Borders, Atul Prakash

DOI: 10.1145/1030083.1030100

Abstract: As network security is a growing concern, system administrators lock down their networks by closing inbound ports and only allowing outbound communication over selected protocols such as HTTP. Hackers, in turn, are forced to find ways to communicate with compromised workstations by tunneling through web requests. While several tools attempt to analyze inbound traffic for denial-of-service and other attacks on web servers, Web Tap's focus is on detecting attempts to send significant amounts of information out via HTTP tunnels to rogue web servers from within an otherwise firewalled network. A related goal of Web Tap is to help detect spyware programs, which often send out personal data using web transactions and may open up security holes in the network. Based on the analysis of HTTP traffic over a training period, we designed filters to flag anomalies in outbound HTTP traffic using metrics such as request regularity, bandwidth usage, inter-request delay time, and transaction size. Subsequently, Web Tap was evaluated on several available HTTP covert tunneling programs as well as a test backdoor program, which creates a remote shell outside the protected machine using HTTP transactions. Web Tap detected all the tested covert tunneling programs after modest use. Web Tap also analyzed the HTTP activity of approximately thirty faculty and students who agreed to use it as a proxy server for a 40 day period. It successfully detected a number of non-firewall-aware programs. This paper presents the design of Web Tap, the results of its evaluation, and the potential limits of its capabilities.
