TL;DR: In this paper, an HTTP tunnel connection layer is described that may be used to provide reliable, full duplex virtual connections between entities (e.g. clients and brokers) in a distributed application environment using a messaging system.
Abstract: A system and method for providing HTTP tunnel connections between entities such as clients and servers in a messaging system is described. An HTTP tunnel connection layer is described that may be used to provide reliable, full duplex virtual connections between entities (e.g. clients and brokers) in a distributed application environment using a messaging system. Also described is a novel HTTP tunneling protocol that may be used by the HTTP tunnel connection layer. The HTTP tunnel connection layer may be used by clients to access messaging servers through proxy servers and firewalls, thus expanding the range of locations from which clients can access brokers. Using this layer, brokers as well as clients may initiate messaging system messages. This layer may also provide guaranteed data delivery with correct sequencing even in case of a failure on the network. This layer may also provide end-to-end flow control.
TL;DR: In this paper, the authors propose a method and system for providing a persistent HTTP tunnel for a connection-oriented protocol between a client and a Web server, which allows a terminal session to be supported by a real-time bi-directional persistent connection with the host system.
Abstract: A method and system for providing a persistent HTTP tunnel for a connection-oriented protocol between a client and a Web server. A data message complying with the connection-oriented protocol is generated and embedded into a chunked data message in compliance with a chunking option for the HTTP. The chunked data message is transmitted between a client and a Web server. Upon receiving any chunked data message at the Web server, the Web server parses the chunked data message and delivers the data message to a host system. Upon receiving any chunked data message at the client, the client parses the chunked data message and delivers the data message to a terminal emulator running on the client. This allows a terminal session to be supported by a real-time bi-directional persistent connection with the host system. The bi-directional persistent connection allows interleaving of the chunked data messages from the Web client with the chunked data messages on the Web server on the persistent HTTP tunnel.
TL;DR: By analysing the inter-arrival time, size and order of the packets crossing a gateway, it is shown that it is possible to detect with high accuracy whether an observed flow is carrying a legitimate HTTP session or whether the flow is being used to tunnel another protocol.
Abstract: Application level gateways and firewalls are commonly used to enforce security policies at network boundaries, especially in large-sized business networks. However, several mechanisms can be used to circumvent these policies and bypass the whole security infrastructure: for example, tunneling an (otherwise blocked) application layer protocol into another one allowed by the policy, such as HTTP. In this paper we propose the application of a statistically-based traffic classification technique to solve this problem. By analysing the inter-arrival time, size and order of the packets crossing a gateway, we show that it is possible to detect with high accuracy whether an observed flow is carrying a legitimate HTTP session or whether the flow is being used to tunnel another protocol. This paper describes how this technique can be used effectively to enhance application level gateways and firewalls, helping to better apply network security policies.
TL;DR: In this paper, the authors describe a schema-based portal for assessment and integration of silicon IPs, which comprises a Web-based portal interface and a database interface.
Abstract: Systems, methods, and media for a schema-based portal for assessment and integration of silicon IPs are disclosed. Embodiments may generally include an IP portal system having a portal interface to receive inputs from users and to provide output to users and a database interface to transmit and receive information to and from a silicon IP database and an IP file system. Embodiments of the system may also include a secure access layer (HTTP tunnel, firewall, or proprietary secure access protocol) to securely communicate information, together with an internal interface protocol and an external interface protocol that operate over the secure access layer. The internal interface protocol may authorize and encrypt communications to an internal user or design system and the external interface protocol may authorize and encrypt communications to an external user or design system. The portal interface may be a Web-based interface and schema-based in some embodiments.
TL;DR: This thesis presents a framework for automatically constructing relevant features suitable for machine learning directly from network traffic, and tests the effectiveness of the framework by applying it to three Cyber security problems: HTTP tunnel detection, DNS tunnel detection, and traffic classification.
Abstract: This thesis studies the application of machine learning to the field of Cyber security. Machine learning algorithms promise to enhance Cyber security by identifying malicious activity based only on provided examples. However, a major difficulty is the unsuitability of raw Cyber security data as input. In an attempt to address this problem, this thesis presents a framework for automatically constructing relevant features suitable for machine learning directly from network traffic. We then test the effectiveness of the framework by applying it to three Cyber security problems: HTTP tunnel detection, DNS tunnel detection, and traffic classification.