Traffic preprocessing method and device for HTTP (Hyper Text Transport Protocol)

The invention provides a traffic preprocessing method and device for an HTTP (Hyper Text Transport Protocol). The method comprises the following steps of: processing HTTP traffic to be processed; the HTTP protocol flow to be processed is preprocessed, so that a preprocessing result is obtained; wherein the preprocessing comprises length processing, list processing and entropy calculation. According to the method, the HTTP protocol is preprocessed from the perspective of malicious traffic research through the modes of length processing, list processing and entropy calculation, more HTTP protocol analysis preprocessing with the characteristics of the protocol, higher implementation efficiency and higher information utilization rate is reserved, and missing report is avoided to the greatest extent during later protocol detection. 本发明提供一种用于HTTP协议的流量预处理方法和装置，包括：待处理HTTP协议流量；对所述待处理HTTP协议流量进行预处理，以得到预处理结果；其中，所述预处理包括长度处理、列表处理和熵值计算。本发明通过长度处理、列表处理和熵值计算的方式，以研究恶意流量的角度对HTTP协议进行预处理，将更多的保留协议的特征，实现效率更高、信息利用率更的HTTP协议解析预处理，最大可能在