|
| Reference | Year | Extracted features | Classification method | Defects |
|
| [11] | 2018 | Character difference in HTTP header field | Set thresholds | Can only achieve detection of specific HTTP covert channels |
| [12] | 2020 | Relative entropy between HTTP header field probability matrices | Set thresholds |
| [13] | 2021 | Word-level and character-level high order semantic features of HTTP request text | Traditional machine learning |
| [14] | 2019 | Packet interval time | Deep learning | Can only detect covert timing channels |
| [15] | 2020 | Packet interval time | Set thresholds |
| [16] | 2020 | Packet interval time | Traditional machine learning |
| [17] | 2012 | Statistical features of packets, packet interval time, and flow duration | Traditional machine learning | Unstable, general flow statistical features are not directly related to the encoding of the cookie |
| [18] | 2015 | Uplink and downlink traffic features, small packets features, packet interval, and transport layer flag | Traditional machine learning |
| [19] | 2019 | The number, duration, port information, dissimilarity, and average length ratio of sending to receiving of flow | Traditional machine learning |
| [20] | 2022 | General features of network flow | Traditional machine learning |
| [21] | 2017 | Convert traffic into images and feed them into deep learning for automatic feature extraction | Deep learning | Poor interpretability, long model training time, when the character level difference is not obvious, the detection effect may not be good |
| [22] | 2018 | Encode and aggregate traffic into matrices and feed them into deep learning for automatic feature extraction | Deep learning |
| [23] | 2020 | Extract a certain amount of payload within the flow and feed it into deep learning for automatic feature extraction | Deep learning |
|
