Multidimensional feature vector detecting ip id hidden channel method
暂无分享,去创建一个
The present invention discloses a multi-dimensional feature vector using hidden channel IP ID detection method, comprising the steps of: (1) feature extraction step of: for each training normal and abnormal samples, the N successively captured IP packet, extracts the IP header ID field information to obtain the difference between adjacent data packet ID Δid1, Δid2, ..., Δidn-1, where N is the size of the detection window; statistical Δid1, Δid2, ..., Δidn-1 E, the mean, standard deviation D and entropy H, to give a three-dimensional feature vector; (2) SVM classifier training: using repeating steps (1) to give a normal three-dimensional feature vector set of training samples and unusual three-dimensional feature vector set of training samples were SVM classifier training, be sorted detection model; (3) according to the trained classification, SVM, the classification feature vector detection device to treat a channel classification, the classification results obtained. The method of high detection efficiency, the use of multi-dimensional statistical characteristics as a basis for classification, improving the detection accuracy.