Detection method and detection equipment of hidden channel

A detection method and covert channel technology, applied in the field of communication, can solve the problems of high false alarm rate, inability to identify covert channels, inability to detect encrypted data, etc., and achieve the effect of good detection effect and high detection rate.

Active Publication Date: 2017-11-07
HUAWEI TECH CO LTD
View PDF4 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this simple string matching detection technology cannot detect encrypted

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method and detection equipment of hidden channel
  • Detection method and detection equipment of hidden channel
  • Detection method and detection equipment of hidden channel

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0100] The following will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, not all of them. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts shall fall within the scope of protection of this application.

[0101] It should be understood that in the embodiment of the present application, the client may be a user terminal, and the server may be a website, a database, and the like. Resources needed by the client are stored on the server side, such as webpage files and images described in HyperText Markup Language (HTML). The client can send an HTTP request to the server, and the server sends a corresponding response according to the client's request. There can ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the application provides a detection method and detection equipment of a hidden channel. The detection method comprises the following steps: grouping HTTP (Hyper Text Transport Protocol) request flow according to source IP (Internet Protocol) addresses and target IP addresses of messages in the HTTP request flow to obtain at least one group of messages, and executing subsequent steps for a first group of messages: generating a record table corresponding to the first group of messages according to timestamps and HTTP head tags carried by the messages; performing statistics to obtain a feature value of the first group of messages according to the record table corresponding to the first group of messages; and if the feature value of the first group of messages does not belongs to a normal threshold range of the feature value, determining that a Cookie hidden channel exists in the first group of messages, wherein the normal threshold range of the feature value is trained by HTTP request flow in a history time interval. In the embodiment of the application, whether the hidden channel exists in the HTTP request flow within predetermined time or not is judged through normal ranges of feature values of normal messages, so that the detection effectiveness of the HTTP hidden channel is improved.

Description

technical field [0001] The present application relates to the communication field, in particular to a detection method and detection equipment for a covert channel. Background technique [0002] A covert channel is a mechanism for secretly transmitting information in violation of security policies. Covert channels can be divided into host covert channels and network covert channels according to the different environments in which they exist. A host covert channel is the secret transmission of information between different processes on a host. Network covert channel is the secret transmission of information between different hosts in the network. The network covert channel generally carries effective data in the network protocol for transmission, and transmits normally in the network through the carrier, so as to achieve the secret transmission of effective data without being discovered. [0003] The network covert channel has become an important tool for the attacker to t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/26H04L29/06H04L29/08
CPCH04L43/08H04L43/16H04L43/50H04L63/02H04L63/0263H04L63/1408H04L67/02
Inventor 董婷婷
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap