|
Reference | Year | Extracted features | Classification method | Defects |
|
[11] | 2018 | Character difference in HTTP header field | Set thresholds | Can only achieve detection of specific HTTP covert channels |
[12] | 2020 | Relative entropy between HTTP header field probability matrices | Set thresholds |
[13] | 2021 | Word-level and character-level high order semantic features of HTTP request text | Traditional machine learning |
[14] | 2019 | Packet interval time | Deep learning | Can only detect covert timing channels |
[15] | 2020 | Packet interval time | Set thresholds |
[16] | 2020 | Packet interval time | Traditional machine learning |
[17] | 2012 | Statistical features of packets, packet interval time, and flow duration | Traditional machine learning | Unstable, general flow statistical features are not directly related to the encoding of the cookie |
[18] | 2015 | Uplink and downlink traffic features, small packets features, packet interval, and transport layer flag | Traditional machine learning |
[19] | 2019 | The number, duration, port information, dissimilarity, and average length ratio of sending to receiving of flow | Traditional machine learning |
[20] | 2022 | General features of network flow | Traditional machine learning |
[21] | 2017 | Convert traffic into images and feed them into deep learning for automatic feature extraction | Deep learning | Poor interpretability, long model training time, when the character level difference is not obvious, the detection effect may not be good |
[22] | 2018 | Encode and aggregate traffic into matrices and feed them into deep learning for automatic feature extraction | Deep learning |
[23] | 2020 | Extract a certain amount of payload within the flow and feed it into deep learning for automatic feature extraction | Deep learning |
|