Login
Register
Submit a Paper
Propose a Special lssue
Open Access
ARTICLE
ICMPTend: Internet Control Message Protocol Covert Tunnel Attack Intent Detector
1 State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing, 100876, China
2 State Key Laboratory of Cryptology, Beijing, 100878, China
3 National Computer Network Emergency Response Technical Team/Coordination Center of China, 100029, China
4 Pennsylvania State University, State College, 16801, USA
* Corresponding Author: Hua Zhang. Email:
Computers, Materials & Continua 2022, 71(2), 2315-2331. https://doi.org/10.32604/cmc.2022.022540
Received 10 August 2021; Accepted 16 September 2021; Issue published 07 December 2021
View Full Text
Download PDFAbstract
The Internet Control Message Protocol (ICMP) covert tunnel refers to a network attack that encapsulates malicious data in the data part of the ICMP protocol for transmission. Its concealment is stronger and it is not easy to be discovered. Most detection methods are detecting the existence of channels instead of clarifying specific attack intentions. In this paper, we propose an ICMP covert tunnel attack intent detection framework ICMPTend, which includes five steps: data collection, feature dictionary construction, data preprocessing, model construction, and attack intent prediction. ICMPTend can detect a variety of attack intentions, such as shell attacks, sensitive directory access, communication protocol traffic theft, filling tunnel reserved words, and other common network attacks. We extract features from five types of attack intent found in ICMP channels. We build a multi-dimensional dictionary of malicious features, including shell attacks, sensitive directory access, communication protocol traffic theft, filling tunnel reserved words, and other common network attack keywords. For the high-dimensional and independent characteristics of ICMP traffic, we use a support vector machine (SVM) as a multi-class classifier. The experimental results show that the average accuracy of ICMPTend is 92%, training ICMPTend only takes 55 s, and the prediction time is only 2 s, which can effectively identify the attack intention of ICMP.Keywords
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Downloads
Citation Tools
