A SYSTEM AND METHOD FOR NETWORK INTRUSION DETECTION OF COVERT CHANNELS BASED ON OFF-LINE NETWORK TRAFFIC
Abstract
A network intrusion detection system and method are configured to receive off-line network traffic. The off-line network traffic, in a predefined format (a PCAP file), is capable of indicating the existence of a plurality of covert channels associated with a corresponding plurality of covert channel signatures. Each covert channel comprises a tool that communicates messages by deviating from a standard protocol to avoid detection. A plurality of covert channel processors are configured to analyze the off-line network traffic. The analysis determines whether the off-line network traffic deviates from the standard protocol based on one or more covert channel signatures. The covert channels are employed in at least one standard layer of the standard protocol stack, and the off-line network data traffic comprises at least one standard protocol stack having multiple standard layers.