Chapter 24: Standard
• High Entropy, page 311
• Statistical Protocol IDentification, page 311
24.1. High Entropy
High Entropy is a virtual protocol used to detect potentially encrypted payloads. Important note:
the classification of this layer is effective since the 4.18.0 version of the ixEngine framework. The
classification is based on two methods: entropy value computation, and printable strings
detection. This concerns only unknown sessions over tcp and udp.
Family: Behavioral
Over: unknown
Revision: 3
Risk level: 1
Tag: Not Used
24.2. Statistical Protocol IDentification
SPID (Statistical Protocol IDentification) is a statistical classification engine, used to identify
encrypted or obfuscated streams from advanced Peer-to-peer or VPN protocols (ex: BitTorrent
RC4 streams).
Family: Behavioral
Over: socks4
Over: socks5
Over: tcp
Over: udp
Revision: 8
Risk level: 1
Tag: Not Used
311
To Next Page
Loading...
