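(School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; National Engineering Laboratory for Information Content Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)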
A Web Proxy Detection Method based on Multiple Feature Analysis
CHEN Zhipeng,ZHANG Peng,HUANG Caiyun,LIU Qingyun,XING Lichao
School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Web proxies offer a quick and convenient way to route web traffic to a destination. In contrast to more elaborate relaying systems, such as anonymity networks, VPN services or SOCKS proxies, users can connect to web proxies freely without installing any special software. Web proxies are therefore an attractive option for bypassing restrictions and hiding identity. However, because they are dynamic and evasive, they have become a much more serious problem for personal privacy, malicious advertisements and property safety. Quickly and effectively detecting web proxies among a large number of web pages is therefore an important challenge. To solve this problem, this paper presents ProxyMiner, a web proxy detection method that combines active and passive detection based on multiple feature analysis. On the active side, DOM features unique to web proxies are introduced, and machine learning is used for predictive analysis. On the passive side, based on the access model specific to proxy service users, spectral clustering analysis is performed on proxy users by constructing a bipartite graph, and the top-level domain names accessed by the proxy user group are obtained to discover proxy services. This method relies solely on the client IP address and the destination address, and does not require any information from HTTP headers (often maliciously modified) or data packets (usually encrypted or unavailable). The experimental results show that ProxyMiner can significantly improve detection performance and reduce the average detection time compared to traditional detection methods.
Key words: web proxy; service discovery; active and passive; spectral clustering analysis
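The passive step described in the abstract, as an added illustration that is not the paper's ProxyMiner code: a two-way spectral cut of a client-IP/domain bipartite graph in plain Python, followed by the domains that the resulting user group visits. The flow records, the seed domain (standing in for a proxy already flagged on the active side) and the 0.8 visitor-share threshold are assumptions, and the cut uses the standard normalized bipartite formulation, which the abstract does not specify.

```python
import math
from collections import defaultdict

# Constructed (client IP, destination domain) records; every value is made up.
FLOWS = [
    ("10.0.0.1", "proxy-a.example"), ("10.0.0.1", "proxy-b.example"),
    ("10.0.0.1", "search.example"), ("10.0.0.2", "proxy-a.example"),
    ("10.0.0.2", "proxy-b.example"), ("10.0.0.2", "proxy-c.example"),
    ("10.0.0.3", "proxy-b.example"), ("10.0.0.3", "proxy-c.example"),
    ("10.0.0.4", "news.example"), ("10.0.0.4", "search.example"),
    ("10.0.0.4", "mail.example"), ("10.0.0.5", "news.example"),
    ("10.0.0.5", "mail.example"), ("10.0.0.6", "search.example"),
    ("10.0.0.6", "mail.example"), ("10.0.0.6", "news.example"),
]

def split_clients(flows, iters=200):
    """Two-way spectral cut of the client/domain bipartite graph (client side)."""
    edges = set(flows)
    clients = sorted({c for c, _ in edges})
    visitors, deg = defaultdict(list), defaultdict(int)
    for c, d in edges:
        visitors[d].append(c)
        deg[c] += 1
    top = {c: math.sqrt(deg[c] / len(edges)) for c in clients}  # eigenvalue-1 vector
    v = {c: float(i) for i, c in enumerate(clients)}            # fixed start vector
    for _ in range(iters):
        dot = sum(v[c] * top[c] for c in clients)
        v = {c: v[c] - dot * top[c] for c in clients}           # deflate trivial vector
        norm = math.sqrt(sum(x * x for x in v.values()))
        v = {c: x / norm for c, x in v.items()}
        nxt = dict.fromkeys(clients, 0.0)                       # nxt = An An^T v
        for cs in visitors.values():
            s = sum(v[c] / math.sqrt(deg[c]) for c in cs) / len(cs)
            for c in cs:
                nxt[c] += s / math.sqrt(deg[c])
        v = nxt
    return ({c for c in clients if v[c] > 0}, {c for c in clients if v[c] <= 0})

def candidate_domains(flows, seed, min_share=0.8):
    """Domains whose visitors sit mostly in the cluster that uses the seed proxy."""
    seed_users = {c for c, d in flows if d == seed}
    group = max(split_clients(flows), key=lambda g: len(g & seed_users))
    visitors = defaultdict(set)
    for c, d in flows:
        visitors[d].add(c)
    return sorted(d for d, cs in visitors.items() if len(cs & group) / len(cs) >= min_share)
```

Only client addresses and destination domains enter the computation, matching the abstract's point that no HTTP header or payload data is needed.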