
Detection method and device for carrying out covert channel communication based on ICMP protocol

A covert-channel detection technology, applied in the field of communication, that addresses the problems of high performance consumption, of normal ICMP communication not strictly complying with the ICMP protocol specification and RFC standards, and of difficult network troubleshooting, achieving the effects of normal network operation, good detection performance and high detection efficiency.

Active Publication Date: 2019-10-11
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0004] At present, the prior art offers two main detection methods for covert channels based on the ICMP protocol. Scheme 1 checks the content of each ICMP data packet and judges whether it conforms to the ICMP protocol specification and the Request For Comments (RFC) standards. Its disadvantages are that it consumes considerable performance, places relatively high performance requirements on the detection equipment, and many normal ICMP communications do not strictly abide by the ICMP protocol specification and RFC standards. Scheme 2 prohibits the ICMP protocol completely. Because the protocol is prohibited, commands such as ping and tracert that check whether the network is unreachable stop working, making it very difficult to check whether the network is unreachable.


Examples


Embodiment 1

[0054] An embodiment of the present invention provides a detection method for covert channel communication based on the ICMP protocol, which is applied to the detection field of covert channels and executed by electronic equipment in the corresponding field. The electronic equipment may be, for example, a detection device or a controller of the detection device.

[0055] As shown in Figure 1, the method includes:

[0056] Step S102, analyzing the acquired ICMP flow message to obtain the transmission identifier and transmission content;

[0057] Step S104, judging whether the transmission content is messy;

[0058] Step S106, if the transmission content is messy, determine whether the request content corresponding to the target transmission identifier is the same as the response content;

[0059] Step S108, if the request content corresponding to the target transmission identifier is different from the response content, determine the covert channel communication behavior...
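Steps S102 to S108 as a runnable sketch. This is an added example, not code from the patent. The patent text shown here does not define how "messy" is judged or what the transmission identifier consists of, so two assumptions are made: `is_messy` treats content as messy when more than 30% of its bytes are non-printable, and the identifier is the ICMP echo identifier and sequence number together with the endpoint pair.

```python
import struct
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0

def parse_icmp(msg):
    """S102: return (type, (identifier, sequence), content) for echo messages, else None."""
    if len(msg) < 8 or msg[0] not in (ECHO_REQUEST, ECHO_REPLY):
        return None
    ident, seq = struct.unpack("!HH", msg[4:8])
    return msg[0], (ident, seq), msg[8:]

def is_messy(content, threshold=0.3):
    """S104, assumed heuristic: more than `threshold` of the bytes are non-printable."""
    odd = sum(1 for b in content if not 32 <= b < 127)
    return bool(content) and odd / len(content) > threshold

def detect(messages):
    """S106/S108: flag identifiers whose messy request and response content differ."""
    seen = defaultdict(dict)
    for src, dst, raw in messages:
        parsed = parse_icmp(raw)
        if parsed is None:
            continue
        icmp_type, key, content = parsed
        client, server = (src, dst) if icmp_type == ECHO_REQUEST else (dst, src)
        seen[(client, server) + key][icmp_type] = content
    flagged = []
    for ident, by_type in seen.items():
        if len(by_type) < 2:  # need both request and response to compare
            continue
        req, rep = by_type[ECHO_REQUEST], by_type[ECHO_REPLY]
        if (is_messy(req) or is_messy(rep)) and req != rep:
            flagged.append(ident)
    return sorted(flagged)

def echo(icmp_type, ident, seq, content):
    # Constructed test message; checksum left at 0 because it is not validated here.
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + content

# Constructed sample traffic: (source, destination, raw ICMP message).
WIN, LNX = b"abcdefghijklmnopqrstuvwabcdefghi", bytes(range(0x10, 0x38))
A, B = "192.0.2.10", "198.51.100.7"
SAMPLE = [
    (A, B, echo(8, 1, 1, WIN)), (B, A, echo(0, 1, 1, WIN)),  # printable, echoed
    (A, B, echo(8, 2, 1, LNX)), (B, A, echo(0, 2, 1, LNX)),  # messy but echoed
    (A, B, echo(8, 3, 1, bytes([0x9c, 0x01, 0xfe, 0x7f, 0x88, 0x13, 0xe2, 0x00]))),
    (B, A, echo(0, 3, 1, bytes([0x03, 0xd4, 0xaa, 0x91, 0x00, 0xff, 0x1b, 0xc7]))),
]
```

The second pair shows why the comparison step matters: a ping payload of raw byte values counts as messy under this heuristic, but because the reply echoes the request unchanged it is not flagged.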

Embodiment 2

[0137] As shown in Figure 4, the embodiment of the present invention provides a detection device for covert channel communication based on the ICMP protocol. The device includes:

[0138] The flow analysis module 400 is used to analyze the obtained ICMP flow message to obtain the transmission identifier and transmission content;

[0139] The first judging module 500 is used to judge whether the transmission content is messy;

[0140] The second judging module 600 is configured to judge whether the request content corresponding to the target transmission identifier is the same as the response content if the transmission content is messy;

[0141] The channel determination module 700 is configured to determine a covert channel communication behavior based on the target transmission identifier if the request content corresponding to the target transmission identifier is different from the response content.

[0142] Further, the first judging module 500 is used to group...


Abstract

The invention provides a detection method and device for covert channel communication based on the ICMP protocol, and relates to the field of communication. The method comprises the steps of: analyzing an obtained ICMP flow message to obtain a transmission identifier and transmission content; judging whether the transmission content is messy; if the transmission content is messy, judging whether the request content and the response content corresponding to the target transmission identifier are the same; and if the request content and the response content corresponding to the target transmission identifier are different, determining a covert channel communication behavior based on the target transmission identifier. Whether ICMP-based covert channel communication behavior exists is recognized based on flow analysis, which lowers the performance requirement for detection equipment and improves detection efficiency, while the use of network troubleshooting tools is not affected and normal operation of the network is facilitated.

Description

Technical field

[0001] The invention relates to the technical field of communication, in particular to a detection method and device for covert channel communication based on the ICMP protocol.

Background technique

[0002] The Internet Control Message Protocol (ICMP) is a sub-protocol of the TCP/IP protocol suite, used to transmit control messages between IP hosts and routers. Control messages are messages about the network itself, such as whether the network is unreachable, whether the host is reachable, and whether the route is available. Commonly used commands such as ping and tracert, which check whether the network is unreachable, are based on the ICMP protocol.

[0003] Covert channel communication based on the ICMP protocol, as the name implies, is a means of communication that uses the ICMP protocol for data transmission. Because ICMP uses a lower-standard communication protocol, the traffic in the network is...


Application Information

IPC(8): H04L12/26
CPC: H04L43/12, H04L43/16, H04L43/18
Inventor: 沈伟, 范渊
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD