包间时延隐信道的检测和参数估计研究

发布时间：2018-06-15 17:03

本文选题：网络隐信道 + 包间时延　；参考：《南京理工大学》2014年硕士论文

【摘要】：由于网络隐信道技术可被渗入计算机中的木马或其他恶意程序使用而进行隐蔽的数据偷取,亦可被间谍人员用于重要情报信息的数据传输。因此,对网络隐信道的检测是一项非常重要的网络安全防护技术,已经引起了研究者的广泛关注,而且取得了很多的研究成果。本文针对基于包间时延的时间式网络隐信道的检测问题开展了研究,在提出具有较小窗口和较低计算复杂度的检测算法的基础上,还对后续的隐信道参数估计问题进行了研究,论文的主要研究工作如下： (1)对网络隐信道的基本概念进行了介绍,并对网络隐信道正反向的相关技术及其进展情况进行了总结和归纳。 (2)介绍了包间时延隐信道的构造原理,分析了不同强度下的网络抖动对包间时延隐信道的影响；详细介绍了当前主要的针对包间时延隐信道的检测算法,总结了算法的特点并指出了存在的不足之处。 (3)基于包间时延隐信道产生的排序包间时延序列存在的台阶效应,在弱的网络抖动下,提出了一种基于排序包间时延序列台阶效应的隐信道检测算法,相比传统的统计类方法,该方法具有较小的检测窗口和低的计算复杂度；对较强网络抖动情况,提出了一种基于排序包间时延差分序列质量和质心位置的隐信道检测算法,该方法使用相对低的检测窗口,可在较弱的台阶效应下通过判断整体台阶效应水平和分布实现较为可靠的检测：仿真实验验证了所提两种方法的有效性。 (4)针对包间时延隐信道的编码位数和编码时间窗口参数估计的问题,提出基于叠加多估计窗口小波变换系数的参数估计方法,该方法首先将跟踪存储下的包间时延分等成多份,并对每份排序数据差分后进行二次小波变化,然后将多份小波变换后的系数进行叠加以突出微弱的排序包间时延的台阶效应。仿真实验表明,即使在较强的网络抖动下该方法依然可提高较为准确的估计结果。论文最后对全文进行了总结,同时指出存在的不足之处,并对未来值得研究的问题进行了展望。
[Abstract]:Because the network hidden channel technology can be used by the Trojan horse or other malicious program which infiltrates into the computer to steal hidden data, it can also be used by the spy personnel for the data transmission of the important intelligence information. Therefore, the detection of network hidden channels is a very important network security protection technology, which has attracted extensive attention of researchers, and has made a lot of research results. In this paper, the detection of hidden channels based on inter-packet delay in time-type networks is studied. Based on the proposed detection algorithms with smaller windows and lower computational complexity, the subsequent hidden channel parameter estimation problems are also studied. The main work of this thesis is as follows: (1) the basic concept of hidden channel is introduced. This paper also summarizes the related technologies and their progress in the forward and backward direction of the network hidden channel. (2) the construction principle of the inter-packet time-delay channel is introduced, and the influence of the network jitter on the inter-packet time-delay channel under different intensity is analyzed. In this paper, the main detection algorithms for inter-packet time-delay channel are introduced in detail. The characteristics of the algorithm are summarized and the shortcomings are pointed out. In this paper, a hidden channel detection algorithm based on step effect between sorted packet delay sequences is proposed. Compared with traditional statistical methods, this method has smaller detection window and lower computational complexity. In this paper, a hidden channel detection algorithm based on the quality and centroid position of delay difference sequence between sorted packets is proposed. The method uses a relatively low detection window. A more reliable detection can be achieved by judging the level and distribution of the overall step effect under the weaker step effect. The simulation results show the effectiveness of the proposed two methods. Bit and encoding time window parameter estimation, A parameter estimation method based on the wavelet transform coefficients of superposition multi-estimation window is proposed. Firstly, the time delay between packets is divided into multiple parts, and then the second wavelet transform is carried out after the difference of each sorted data. Then the coefficients after multiple wavelet transform are superposed to highlight the step effect of weak sorting delay between packets. Simulation results show that the proposed method can improve the accurate estimation results even under strong network jitter. Finally, the paper summarizes the whole paper, points out the shortcomings, and looks forward to the problems worth studying in the future.
【学位授予单位】：南京理工大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】