Concealed channel detection method based on multi-scale flow analysis technology

Abstract

The invention discloses a concealed channel detection method based on a multi-scale flow analysis technology, and the method comprises the following steps: obtaining the information of a detection andanalysis scene, and collecting the network traffic data in the detection and analysis scene through DPDK; preprocessing the collected network traffic data to obtain a single data packet, a session flow and a communication flow; establishing a corresponding meta-database according to the related characteristics of the single data packet, the session flow and the communication flow; importing the obtained single data packet, session flow and communication flow into the corresponding meta-database for black and white matching to obtain priori knowledge; establishing a multi-scale feature analysis model; and importing the obtained single data packet, session flow and communication flow into the multi-scale feature analysis model for analysis and detection, and generating a detection report. According to the invention, the false alarm rate and missing report rate of concealed channel detection can be effectively reduced, the comprehensiveness and accuracy of concealed channel detection areimproved, and the transmission security of network information is ensured.

Description

technical field [0001] The invention relates to the technical field of covert channel detection methods, in particular to a covert channel detection method based on multi-scale flow analysis technology. Background technique [0002] As a kind of "private channel in the network, invisible channel in the channel, and non-channel channel", the network covert channel has the characteristics of cross-network heterogeneity, diverse protocols, polymorphic applications, arbitrary hidden positions, and complex hidden methods. Many traditional security detection devices are deployed, but there are still a large amount of unidentifiable data and protocols, and these communications cannot be inspected and supervised. Most of the traditional covert channel detection technologies are aimed at single-type and single-scale detection schemes, with poor generalization ability and unable to be effective for new multi-modal network covert channels. It is urgent to propose new ideas and new meth...

AI Technical Summary

Problems solved by technology

[0003] In view of the above problems, the present invention provides a covert channel detection method based on multi-scale flow analysis technology, which uses multi-scale deep analysis technology to analyze the characteristics of network data in three dimensions: single data packet, session flow and communication flow, A multi-scale covert channel detection model is established to solve the current problem that the covert channel cannot be comprehensively and deeply detected due to the variety of covert channels, thereby reducing the false alarm rate and false negative rate of covert channel detection, and improving the detection of covert channels. The comprehensiveness and accuracy of the detection helps to ensure the security of network information transmission

Images