Network covert channel detecting method

A detection method and covert channel technology, applied in the direction of data exchange network, digital transmission system, electrical components, etc., to achieve the effect of improving reliability and reliable detection

Inactive Publication Date: 2012-07-18
CHANGSHU RES INSTITUE OF NANJING UNIV OF SCI & TECH
View PDF4 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Technical problem to be solved by the present invention: Aiming at the problem that there is no effective hidden channel detection method for FTP command sequence coding a

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network covert channel detecting method
  • Network covert channel detecting method
  • Network covert channel detecting method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] In order to clearly describe the implementation process of the present invention, specific embodiments are described step by step below.

[0034] (1) Data acquisition

[0035] Using the packet capture program designed based on Winpcap, by setting the destination port, and storing the FTP data packets on a single link according to the data of the source IP, destination IP and source port, and then extracting its command information to form a command sequence for FTP communication Denote as C=[C 1 , C 2 ,...,C m ], where C m Extract FTP commands for a single link.

[0036] (2) Model establishment

[0037] The above obtained FTP communication command sequence C=[C 1 , C 2 ,...,C m ] is transformed into its corresponding behavior mode and recorded as o=[o 1 , o 2 ,...o n ], and use the Markov chain method to model the obtained n behaviors, and obtain the Markov model as M=(P, Q), where P is the transition probability matrix of the n behaviors, and Q is the FTP beha...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

An FTP (File Transfer Protocol) command-sequence-coding network covert channel (FTP-NCC) is a covert communication mode that a transmitting end embeds covert information into a normal FTP application by a certain coding mode. The invention discloses a network covert channel detecting method for the FTP command sequence coding on the basis of a Markov model. The network covert channel detecting method comprises two steps of training and detection, wherein the training step is used for acquiring the Markov model of a normal FTP communication command data stream; the detection step is used for performing FTP-NCC detection by using a maximum posterior probability method according to the model obtained by the training step. The method can realize reliable detection for the FTP-NCC.

Description

technical field [0001] The invention belongs to the technical field of communication and information security, and relates to a computer network-oriented covert channel detection method, in particular to a network covert channel (FTP-NCC) detection method for FTP command sequence coding. Background technique [0002] Network covert communication refers to the technology of using computer network communication data as a carrier to hide secret data in it to implement covert communication. It is a collection of data communication, computer network, information hiding, information security, etc. cross technology. The prominent feature of network covert communication is its high concealment, which can penetrate general network security facilities such as access control, firewall and intrusion detection. It is one of the important risks of information leakage in current network information systems. [0003] Network hidden channels can be divided into two categories: storage type ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/26H04L29/08
Inventor 翟江涛刘光杰戴跃伟王浩
Owner CHANGSHU RES INSTITUE OF NANJING UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap