Method using multi-dimensional feature vectors to detect IP ID covert channel

Multi-dimensional feature vectors are applied to the detection of IP ID covert channels. The method addresses the poor practicability and low detection efficiency of existing approaches, and achieves strong applicability, high detection efficiency, and improved detection accuracy.

Inactive Publication Date: 2014-02-12
SUZHOU INST FOR ADVANCED STUDY USTC

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to provide a method for detecting IP ID covert channels using multi-dimensional feature vectors. It solves the low detection efficiency and poor practicability of existing detection algorithms, and enables efficient detection of covert channels in covert communication based on the IP protocol.

Examples

Embodiment

[0038] Figure 3 shows the framework of the IP ID covert channel detection method based on multi-dimensional feature vectors. It comprises two stages, training and detection, and each stage consists of three modules: preprocessing, feature extraction, and SVM classification learning.

[0039] Figure 4 shows the flow chart of the detection model training method. The training phase includes the following steps:

[0040] (1) Preprocessing: for normal training samples, continuously capture N IP data packets, extract the ID field of each IP header, and calculate the ID differences of adjacent packets $\Delta id_1, \Delta id_2, \ldots, \Delta id_{n-1}$, where N is the detection window size;

[0041] (2) Feature extraction: compute the mean value E, standard deviation D and entropy value H of the $\Delta id_1, \Delta id_2, \ldots, \Delta id_{n-1}$ obtained in step (1), giving the three-dimensional feature vector (E, D, H), where E, D and H are calculated as:

[0042] E(Δid 1 , Δid 2 ,......

Abstract

The invention discloses a method that uses multi-dimensional feature vectors to detect an IP ID covert channel. The method comprises the following steps. Step 1, feature extraction: for normal and abnormal training samples respectively, continuously capture N IP data packets, extract the ID field of the IP header, compute the ID differences $\Delta id_1, \Delta id_2, \ldots, \Delta id_{n-1}$ between adjacent packets, and compute the mean value E, standard deviation D and entropy of $\Delta id_1, \Delta id_2, \ldots, \Delta id_{n-1}$ to obtain a three-dimensional feature vector. Step 2, SVM classifier training: repeat step 1 to obtain a set of three-dimensional feature vectors for the normal training samples and a set for the abnormal training samples, and train the SVM classifier on them to obtain a classification detection model. Step 3, detection: classify the feature vectors of the channel under test with the SVM classifier according to the trained classification model. The method has high detection efficiency and, by using multi-dimensional statistical features as the classification data, improves detection accuracy.
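The three steps above, as an added example that is not code from the patent: windowed (E, D, H) extraction from IP ID values, a small linear SVM trained on normal and abnormal windows, and classification of unseen windows. Assumptions: the page's formulas for E, D and H are cut off, so the usual mean, population standard deviation and Shannon entropy are used; differences are taken modulo 2^16; the pure-Python hinge-loss trainer stands in for whatever SVM implementation the patent uses; all function names and the sample traffic are constructed for illustration.

```python
import math
import random
from collections import Counter
from itertools import accumulate

def features(ids):
    """Return (E, D, H) of adjacent IP ID differences for one window of packets."""
    if len(ids) < 2:
        raise ValueError("a window needs at least two packets")
    # Assumption: differences are taken modulo 2**16 so counter wraparound is not an outlier.
    d = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    n = len(d)
    e = sum(d) / n                                                    # mean E
    sd = math.sqrt(sum((x - e) ** 2 for x in d) / n)                  # standard deviation D
    h = -sum(c / n * math.log2(c / n) for c in Counter(d).values())   # entropy H in bits
    return (e, sd, h)

def train_linear_svm(X, y, epochs=200, lr=0.1, lam=0.01):
    """Linear soft-margin SVM (batch subgradient descent on hinge loss), standardised inputs."""
    dims = range(len(X[0]))
    mu = [sum(x[j] for x in X) / len(X) for j in dims]
    sigma = [math.sqrt(sum((x[j] - mu[j]) ** 2 for x in X) / len(X)) or 1.0 for j in dims]
    Z = [[(x[j] - mu[j]) / sigma[j] for j in dims] for x in X]
    w, b = [0.0] * len(mu), 0.0
    for _ in range(epochs):
        viol = [(z, t) for z, t in zip(Z, y) if t * (sum(p * q for p, q in zip(w, z)) + b) < 1]
        for j in dims:
            w[j] += lr * (sum(t * z[j] for z, t in viol) / len(Z) - lam * w[j])
        b += lr * sum(t for _, t in viol) / len(Z)
    return w, b, mu, sigma

def classify(model, ids):
    """Return +1 if the window looks like a covert channel, -1 if it looks normal."""
    w, b, mu, sigma = model
    z = [(f - m) / s for f, m, s in zip(features(ids), mu, sigma)]
    return 1 if sum(p * q for p, q in zip(w, z)) + b >= 0 else -1

def normal_window(rng, n=64):  # constructed sample: host-wide counter shared with other flows
    steps = [rng.randrange(65536)] + [rng.randint(1, 4) for _ in range(n - 1)]
    return [s % 65536 for s in accumulate(steps)]

def covert_window(rng, n=64):  # constructed sample: ID field replaced by high-entropy data
    return [rng.randrange(65536) for _ in range(n)]

def demo(seed=1):
    rng = random.Random(seed)
    X = [features(f(rng)) for f in (normal_window, covert_window) for _ in range(40)]
    model = train_linear_svm(X, [-1] * 40 + [1] * 40)
    return classify(model, normal_window(rng)), classify(model, covert_window(rng))
```

On live traffic the windows should be built per source host, since IP ID generation differs between operating systems and a model trained on one counter style will not transfer to another.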

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a method for detecting IP ID covert channels by using multi-dimensional feature vectors.

Background technique

[0002] Information hiding is a new information security technology that has developed rapidly in recent years and can be widely used for digital copyright protection, authentication, and the concealed transmission of confidential information. Information hiding uses the redundancy of a carrier to embed concealed information in ordinary information, so that the secret information is sent out through the transmission of the ordinary information. Information hiding can pass through network security facilities such as access control, firewalls and intrusion detection, and implement covert communication that is not easily detected.

[0003] Traditional information hiding mostly uses text, audio, and images as ...

Application Information

IPC(8): G06K9/62
Inventor: 黄刘生, 沈瑶, 缪海波, 陆潇榕, 杨威, 陈志立
Owner: SUZHOU INST FOR ADVANCED STUDY USTC