
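Research on Key Technologies of VPN Protocol Identification

Published: 2018-06-09 13:06

  Topic keywords: autocorrelation detection + Fourier transform; Source: Zhejiang Sci-Tech University, 2017 master's thesis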


[Abstract]: As VPN technology is widely adopted by enterprises and individuals, VPN traffic is encrypted and private in order to protect data in transit. As encryption strength keeps increasing, however, auditing VPN protocols becomes harder, so the very techniques that secure VPN networks have also become a factor that constrains VPN protocol identification. Identifying the encrypted data within VPN protocols is a key problem in this field, and this thesis proposes a new autocorrelation-based randomness detection algorithm for it. The algorithm first computes the shifted autocorrelation of the sample data sequence; to speed up detection, it uses the Fourier transform and the inverse Fourier transform to compute the correlation values quickly, which raises the speed of encrypted-stream identification while maintaining a high detection rate. In the experiments, random sequences were collected from encrypted samples of different file types and the sample set was processed with the proposed algorithm; the results show that the algorithm performs well at detecting randomness in data.

On the identification method, in order to filter and classify VPN traffic more precisely, an active VPN protocol identification system based on the Mina2 asynchronous framework was designed and implemented. The system uses an active identification mode suited to VPN protocol identification. Unlike the conventional approach of obtaining data through port mirroring and then identifying and classifying protocols, active identification constructs VPN request messages, interacts with the server directly, and matches the responses against VPN protocol features. This addresses the missed detections and false positives that conventional port-mirroring identification is prone to when hardware performance is limited. The experiments use the Apache Mina2 network application framework, which is built on an asynchronous event-triggering mechanism, and identify VPN protocols accurately by establishing an active connection to the target server. The system results show a high identification rate for VPN protocols, mainly PPTP, L2TP and OpenVPN, which provides an efficient and feasible solution for VPN protocol identification. The experimental results indicate that a passive identification mode based purely on protocol features is not suitable for identifying and classifying VPN protocols, whereas the active identification mode achieves good identification and classification results. Through the research on these two aspects, the thesis makes the accuracy and the results of VPN protocol identification more stable and precise.
[Degree-granting institution]: Zhejiang Sci-Tech University
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP393.08
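
The abstract describes computing the shifted autocorrelation of a data sequence through a Fourier transform and its inverse; the sketch below is an added illustration of that idea, not the thesis's code. The ±1 bit mapping, the 3-sigma cut, the 2% threshold and the SHA-256 counter-mode keystream used as a stand-in for ciphertext are all assumptions made here.

```python
import cmath
import hashlib

def fft(x, inverse=False):
    """Recursive radix-2 FFT; len(x) must be a power of two, inverse is unnormalised."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even, odd = fft(x[0::2], inverse), fft(x[1::2], inverse)
    sign = 1 if inverse else -1
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(sign * 2j * cmath.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def autocorrelation(data):
    """R[d] = sum_i s[i] * s[(i + d) % n] for every shift d, via FFT and inverse FFT."""
    s = [1.0 if (b >> i) & 1 else -1.0 for b in data for i in range(7, -1, -1)]
    n = len(s)
    if n == 0 or n & (n - 1):
        raise ValueError("bit length must be a power of two")
    power = [abs(c) ** 2 for c in fft(s)]               # power spectrum |S|^2
    return [v.real / n for v in fft(power, inverse=True)]

def outlier_fraction(data, z_cut=3.0):
    """Share of shifts whose correlation lies more than z_cut sigma from zero."""
    r = autocorrelation(data)
    n = len(r)
    lags = range(1, n // 2)          # R[d] == R[n - d], so half the shifts suffice
    # For independent fair bits R[d] is roughly N(0, n), hence z = R[d] / sqrt(n).
    return sum(abs(r[d]) / n ** 0.5 > z_cut for d in lags) / len(lags)

def looks_random(data, max_fraction=0.02):
    """Assumed decision rule: random data leaves about 0.3% of shifts beyond 3 sigma."""
    return outlier_fraction(data) < max_fraction

# Constructed samples: SHA-256 in counter mode stands in for encrypted payload bytes.
KEYSTREAM = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(32))
HEX_TEXT = KEYSTREAM[:512].hex().encode()   # the same bytes after ASCII hex encoding

if __name__ == "__main__":
    for name, sample in (("keystream", KEYSTREAM), ("hex text", HEX_TEXT)):
        print(name, round(outlier_fraction(sample), 4), looks_random(sample))
```

Hex encoding fixes several bits of every byte, so every shift that is a multiple of 8 bits correlates strongly and the encoded sample is rejected even though it carries the same underlying bytes.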



