ICMP hidden tunnel detection method and device and computer equipment
The invention relates to an ICMP hidden tunnel detection method and device, computer equipment, a storage medium and a computer program product. The method comprises the steps that ICMP data packets are continuously obtained, the load difference between the currently obtained ICMP data packet and a...
Gespeichert in:
| Hauptverfasser: | , , , , , , , , , , , , , , , , , , , , , , , |
|---|---|
| Format: | Patent |
| Sprache: | chi ; eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | The invention relates to an ICMP hidden tunnel detection method and device, computer equipment, a storage medium and a computer program product. The method comprises the steps that ICMP data packets are continuously obtained, the load difference between the currently obtained ICMP data packet and a previous ICMP data packet is calculated, the previous ICMP data packet is the recently obtained ICMP data packet with the same source IP and target IP as the currently obtained ICMP data packet, and the load difference reflects the difference condition of data bits of the two ICMP data packets; and the load difference is input into a pre-trained hypersphere model, and an ICMP hidden tunnel detection result is obtained. By adopting the method, the problems of high false alarm rate, high hysteresis and the like of a traditional ICMP hidden tunnel detection method can be effectively solved, and the beneficial effect of improving the detection comprehensiveness and accuracy is achieved.
本申请涉及一种ICMP隐蔽隧道检测方法、装置、计算机设备、存储介 |
|---|