ICMP covert channel detection method based on random forest

A covert channel detection technology based on random forests, applied in machine learning, computer components, sustainable communication technology, etc., that addresses problems such as complex detection calculations, low detection accuracy, and high resource consumption.

Active Publication Date: 2020-12-15
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

[0009] "A random forest-based ICMP covert channel detection method" is an invention proposed for the detection of data packets containing ICMP messages in network traffic. One purpose of the present invention is to address the shortcomings of existing ICMP covert channel detection, such as computational complexity, low detection accuracy and excessive resource consumption, by proposing an ICMP covert channel detection method based on random forest classification.

Examples


Embodiment Construction

[0017] The present invention is divided into four modules. The first module filters out other protocols and traffic unrelated to covert channel detection, thereby improving detection efficiency and accuracy and reducing interference. The second module obtains the ICMP data packets that belong only to the two communicating parties. The third module extracts more targeted ICMP packet flow characteristics. The fourth module uses machine learning algorithms to build a high-efficiency, high-accuracy classifier from the characteristics produced by module three, so as to achieve fast and accurate ICMP covert channel detection.
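The first three modules can be sketched as follows. This is an added example, not code from the patent: the feature names, the helper functions and the constructed sample capture are assumptions, since the page does not list the features the method actually extracts. Each resulting row is the kind of per-flow vector a random forest classifier (module four) would be trained on.

```python
import math
import struct
from collections import Counter, defaultdict

def build_packet(src, dst, proto, icmp_type, payload):
    """Build a minimal IPv4 packet (constructed sample data, checksums zeroed)."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + body

def parse_icmp(packet):
    """Module 1: drop non-ICMP traffic; return (src, dst, icmp_type, payload)."""
    ihl = (packet[0] & 0x0F) * 4 if len(packet) >= 20 else 0
    if ihl < 20 or len(packet) < ihl + 8 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None  # not IPv4/ICMP, or header truncated
    src, dst = (".".join(map(str, packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[ihl], packet[ihl + 8:]

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def flow_features(packets):
    """Modules 2-3: group ICMP messages per host pair, one feature row per flow."""
    flows = defaultdict(list)
    for packet in packets:
        parsed = parse_icmp(packet)
        if parsed:
            flows[tuple(sorted(parsed[:2]))].append(parsed[3])
    rows = {}
    for pair, payloads in flows.items():
        sizes = [len(p) for p in payloads]
        mean = sum(sizes) / len(sizes)
        rows[pair] = {  # feature names are assumptions of this example
            "packets": len(payloads),
            "mean_payload_len": mean,
            "payload_len_var": sum((s - mean) ** 2 for s in sizes) / len(sizes),
            "payload_entropy": entropy(b"".join(payloads)),
            "distinct_payloads": len(set(payloads)),
        }
    return rows

def sample_capture():
    """Constructed capture: one fixed-payload ping flow, one varied flow, one UDP packet."""
    ping = bytes(range(0x10, 0x30))
    a, b, c, d = (10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 3), (10, 0, 0, 9)
    varied = [bytes((i * 37 + j) % 256 for j in range(n)) for i, n in enumerate((40, 90, 200))]
    return ([build_packet(a, b, 1, 8, ping), build_packet(b, a, 1, 0, ping)] * 2
            + [build_packet(c, d, 1, 8, v) for v in varied]
            + [build_packet(a, b, 17, 8, ping)])  # protocol 17 (UDP): filtered out
```

Calling `flow_features(sample_capture())` yields two rows: the fixed-payload flow has zero length variance and a single distinct payload, while the varied flow shows high length variance and near-maximal byte entropy.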

[0018] The present invention will be further described below in conjunction with the accompanying drawings.

[0019] Figure 1 is a diagram describing the technical architecture of the present invention, which uses a layered model architecture. Each layer has different functional di...


Abstract

The invention relates to the field of machine learning algorithms and covert channel detection, and aims to provide an ICMP covert channel detection method based on a random forest machine learning algorithm. First, data packets of inter-network communication are captured and the basic information related to each packet (source IP address, destination IP address and the like) is extracted. This information is classified, an ICMP message flow is formed from it, and characteristics are extracted from the corresponding ICMP message flow using a specific rule of the method. The method comprises the following steps: obtaining the characteristics of the ICMP message communication data flow between a source IP address and a destination IP address, training on the characteristics using a random forest-based machine learning method, and finally obtaining a classifier for detecting an ICMP covert channel. When the method is used for ICMP covert channel detection, the calculation cost and the time cost are low, the generated ICMP flow features are strongly targeted and highly reliable, and the ICMP covert channel can be effectively detected.

Description

Technical field

[0001] The present invention relates to network flow monitoring technology, and aims to detect ICMP data packets by using the characteristics of ICMP flows and the random forest algorithm. The core is to extract features from captured normal ICMP messages and abnormal ICMP messages, and to generate classification models from rules and machine learning methods to identify ICMP covert channel communication behavior.

Background technique

[0002] With the rapid development of computer network technology, more and more advanced technologies have emerged. At the same time, information security problems have also become serious. The hidden tunnel problem is a serious information security problem at present. A hidden tunnel exploits loopholes in network protocols, using the redundancy of various network protocols to secretly transmit data and attack the network. Although intrusion detection systems, firewalls and other secur...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N20/00, H04L29/06
CPC: G06N20/00, H04L63/1433, H04L63/1408, G06F18/24323, Y02D30/50
Inventor: 刘亮, 胡星高, 郑荣锋, 周安民
Owner: SICHUAN UNIV