On the Study of HTTP Based Suspicious Traffic Detection Mechanism

Bibliographic Details
Main Authors: Jian-Zhi Zhao, 趙健智
Other Authors: Yi-Ming Chen
Format: Others
Language: zh-TW
Published: 2016
Online Access: http://ndltd.ncl.edu.tw/handle/05899732926767335850
Description
Summary: Master's thesis === National Central University === Department of Information Management === 104 === In the Internet era, most enterprise data is stored on enterprise hosts, and these hosts are directly or indirectly connected to the network. While this allows convenient access and management, it also lets attackers steal enterprise data over the Internet, resulting in serious information leakage. In recent years, to hide their traces, attackers have often used the HTTP protocol as the channel for attacking and controlling victims with malicious software, causing leakage of corporate data or confidential information. Because all of these actions generate HTTP traffic, early detection of such suspicious traffic is an important issue in information security. This study proposes an HTTP traffic detection system based on a Support Vector Machine, characterized by its use of the HTTP protocol connections that may carry suspicious traffic. We relax a restriction on building the normal-behaviour model: the need to analyze large volumes of traffic logs in order to establish the relationships between hosts on the Internet. Unlike previous work on detecting malicious packets, this study builds the anomaly detection model separately for each type of HTTP request packet, then reassembles the packets into complete HTTP traffic. The experiments in this study show that the resulting HTTP traffic anomaly detection model detects suspicious traffic caused by malicious software with a detection rate of 88%.