基于信息熵SVM的ICMP隐蔽通道检测研究

计算机应用 ›› 2009, Vol. 29 ›› Issue (07): 1796-1798.

基于信息熵SVM的ICMP隐蔽通道检测研究

许晓东¹,王传安²,朱士瑞¹

1.
2. 江苏大学

收稿日期:2009-01-12 修回日期:2009-03-02 发布日期:2009-07-01 出版日期:2009-07-01
通讯作者: 王传安
基金资助:
省部级基金

Covert channel detection in ICMP payload based on information entropy SVM

Received:2009-01-12 Revised:2009-03-02 Online:2009-07-01 Published:2009-07-01

摘要/Abstract

摘要：

许多网络设备考虑ICMP流量是良性，对其负载部分不进行检测，因此，攻击者可以将生成的任意信息隐藏在ICMP的有效负载中。将信息熵引入到支持向量机建模中，分析了高熵点与支持向量的关系，进一步构造出用于检测ICMP负载隐蔽通道的信息熵支持向量机模型，最后给出了相关实验，实验结果表明使用信息熵支持向量机检测ICMP负载隐蔽通道具有较快的分类速度和较高的分类精度。

关键词: 支持向量机;ICMP;信息熵;隐蔽通道

Abstract:

ICMP traffic is often considered to be benign，so network equipment does not check its payload．Therefore，an attacker can hide any generated information in the payload of ICMP. The paper analyzed the relation between larger entropy value of the data plane and the support vector machine data，and a new information entropy support vector machine model was proposed．Preliminary experimental results show that the information entropy support vector machine performs well in classification speed and accuracy．

中图分类号:

许晓东王传安朱士瑞. 基于信息熵SVM的ICMP隐蔽通道检测研究[J]. 计算机应用, 2009, 29(07): 1796-1798.