摘要： 提出一种基于支持向量机(SVM)的HTTP隧道检测算法，该算法采用SVM提取网络流特征字段，根据特征字段生成训练数据，从而建立HTTP隧道分类检测模型，并结合知名地址匹配和单向流筛选等策略检测HTTP隧道流。与相关算法的对比实验表明，该算法不依赖样本空间的分布，能准确检测HTTP隧道流，具有较好的稳定性。

关键词: 网络流, 特征字段, HTTP隧道检测, 支持向量机

Abstract: This paper presents an algorithm that detects HTTP tunnel based on Support Vector Machine(SVM). It obtains feature fields to generate training sets for building classification model using SVM, and combines famous address matching and the direction selection of HTTP flow to detect the HTTP tunnel traffics. The algorithm is compared with the related algorithm, and the results show it does not use the probability distribution of sample space. It is steady and effective which can detect the HTTP tunnel traffics with high hit ratio.

Key words: network flow, feature field, HTTP tunnel detection, Support Vector Machine(SVM)

中图分类号: 

• TP311.52