Entropy analysis
Definition
A statistical technique that measures the randomness of data in a field or stream. Protocol fields that should contain low-entropy predictable values (such as a TTL or a constant padding byte) show anomalously high entropy when used to carry compressed or encrypted covert data.
Related terms
- Covert channel
- Any communication path that was not intended by the system designer and that bypasses access-control or monitoring policies. Network covert channels are...
- DNS tunnelling
- Encoding data inside DNS queries and responses to exfiltrate information or carry command-and-control traffic through a network that permits DNS but blocks...
- Protocol anomaly detection
- A detection method that compares observed network traffic against the formal specification of each protocol (its RFC or standard) and flags fields...
- Storage channel
- A covert channel that encodes information in the value of a protocol field, such as the IP Identification field or a DNS...
- Timing channel
- A covert channel that encodes information in the intervals between network events, such as inter-packet delays, rather than in packet content. Timing...
Explained in
- Network Steganography and Covert ChannelsA statistical technique that measures the randomness of data in a field or stream. Protocol fields that should contain low-entropy predictable values (such as...