基于Web应用目录树的隐蔽信道构造研究

发布时间：2018-03-05 04:05

本文选题：隐蔽信道　切入点：Web应用　出处：《南京理工大学》2017年硕士论文　论文类型：学位论文

【摘要】：网络隐蔽信道为因特网中的两个通信实体提供了信息隐蔽传输的能力,它利用因特网中无处不在的协议数据包作为载体进行信息的隐蔽传输,因此它是网络环境安全的严重威胁之一。HTTP协议作为因特网上最常用的协议之一,大约占了因特网上所有流量的一半,因此也成了网络隐蔽信道滋生的沃土。目前已经存在的基于HTTP协议的隐蔽信道大部分都是利用网页重定向、Cookies、HTTP请求头和HTML元素等来进行构造。本文针对现存的基于HTTP协议的网络隐蔽信道的一些不足之处,利用HTTP请求行为和树这种数据结构,提出了一种基于Web应用目录树的隐蔽信道构造方法。本文提出在HTTP协议上利用浏览器发出的HTTP请求来构造隐蔽信道,不需要使用额外的客户端程序;通过多主机和多Web应用构成多路径请求传输模式,利用多个浏览器向不同的Web应用发送HTTP请求来传输隐蔽信息片段,使得隐蔽信道具有较高的信道容量和较强的隐蔽性;提出了模拟HTTP数据包间间隔的方案来模拟正常的浏览器的请求行为,可以提高隐蔽信道的抗检测性能;而HTTP协议在运输层使用了 TCP协议的可靠传输服务,因此该隐蔽信道即使在较差的网络环境中遇到HTTP数据包丢失和乱序等情况的概率也比较低。本文致力于设计并实现基于Web应用目录树的隐蔽信道构造方法,并通过实验结果评价了该隐蔽信道的容量、鲁棒性和隐蔽性。实验证明,隐蔽信道能够躲避现有的两种检测基于HTTP协议隐蔽信道的方法(基于协议指纹的检测方法和基于应用签名的检测方法)。在网络环境较差的情况下,该信道仍具有较好的信道容量、鲁棒性和隐蔽性,因此它是一种新型和有效的基于HTTP请求行为的网络隐蔽信道。
[Abstract]:The network covert channel provides the ability of information covert transmission for two communication entities in the Internet. It uses the ubiquitous protocol packets in the Internet as the carrier to carry out the covert transmission of information. Therefore, it is one of the serious threats to the security of the network environment. As one of the most commonly used protocols on the Internet, the HTTP protocol accounts for about half of all traffic on the Internet. Most of the existing covert channels based on HTTP protocol are constructed by using web page redirect Cookies-HTTP request header and HTML elements, etc. This paper aims at the existing covert channels based on HTTP protocol. Some shortcomings of the network covert channel of HTTP protocol, Based on the data structure of HTTP request behavior and tree, a method of constructing covert channel based on Web application directory tree is proposed. In this paper, the covert channel is constructed by using HTTP request made by browser on HTTP protocol. There is no need to use additional client programs; multipath request transmission mode is formed by multi-host and multi-#en0# applications, HTTP requests are sent by multiple browsers to different Web applications to transmit covert information fragments. It makes the covert channel have higher channel capacity and better concealment. A scheme of simulating the interval between HTTP packets is proposed to simulate the request behavior of the normal browser, which can improve the anti-detection performance of the covert channel. The HTTP protocol uses the reliable transport service of the TCP protocol in the transport layer. Therefore, the probability of the covert channel encountered in the case of HTTP packet loss and disorder in a poor network environment is relatively low. This paper is devoted to design and implement a method of constructing covert channel based on Web application directory tree. The capacity, robustness and concealment of the covert channel are evaluated by experimental results. The covert channel can avoid the existing two methods of detecting the covert channel based on HTTP protocol (the detection method based on the protocol fingerprint and the detection method based on the application signature). This channel still has good channel capacity, robustness and concealment, so it is a new and effective covert channel based on HTTP request behavior.
【学位授予单位】：南京理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08

【相似文献】