| 摘要 |
For classifying a TCP connection carrying HTTP traffic as trusted or untrusted, an analyser device performs: detecting an HTTP request message of an HTTP session carried by the TCP connection; obtaining, from headers of the detected HTTP request message, information to build a signature of the HTTP session; comparing the built signature with signatures stored beforehand in a signatures database; classifying the TCP connection as trusted, when the built signature matches a signature that is stored beforehand in the signatures database and that is representative of a trusted HTTP client application; performing an authentication procedure, when the built signature does not match any signature stored beforehand in the signatures database, the authentication procedure requesting a user to provide authentication data; adding the built signature in the signatures database, when valid authentication data are provided by the user, the signature of the HTTP session being representative in the signatures database of a trusted HTTP client application, and classifying the TCP connection as trusted; and otherwise, classifying the TCP connection as untrusted. |
