网络协议隐信道检测与新型构建方案研究
发布时间:2018-08-07 07:33
【摘要】:随着互联网的蓬勃发展,基于网络协议的隐信道研究吸引了越来越多研究者的关注。网络媒介具有动态性、瞬时性和基数大等特性,以网络协议为载体构建隐蔽通信,具有其他载体无法比拟的优势。加之传统加密技术的安全性日渐受到威胁,已不能满足人们对信息安全传输的需要。而网络隐信道隐藏了隐秘信息的存在,成为备受人们青睐的选择。目前,网络协议隐信道在构建研究方面已经取得了一定的成果,而其检测技术研究尚处于起步阶段。目前已有木马结合网络隐信道造成隐私泄露事件,这给网络安全与个人隐私安全带来了严峻的挑战。因此,研究网络协议隐信道及其检测技术是非常有必要的。针对网络协议隐信道的研究现状,本文分别从检测技术和新型构建方案两个方向对网络协议隐信道展开研究。在检测研究方面,我们在现有的存储型和时序型隐信道构建研究的基础上,针对基于TCP/IP的存储型隐信道,提出了基于协议行为的多维特征向量检测算法;对时序型隐信道,设计了基于时序指纹的时序型隐信道综合检测算法;然后设计出一个实用的网络协议隐信道检测框架。在构建研究方面,鉴于存储型和时序型隐信道的构建研究现状,我们设计了一种基于浏览器HTTP行为的新型应用层隐信道。本文的主要研究内容和贡献总结如下:1.基于存储型隐信道的研究现状,我们研究了基于TCP/IP的存储型隐信道检测技术。由于现有的存储型隐信道检测算法大都是目标检测,仅能针对性地检测某个存储型隐信道,缺少一种全面综合的检测算法。而且,现有的算法仅从载体字段值的规律入手,忽略了每个头部字段均有其固有的行为特征。通过将TCP/IP各头部字段的行为特征用相邻数据包字段值的规律性或相关性表示出来,我们设计了一个基于协议行为的多维特征向量检测算法,该算法可以有效地检测基于TCP/IP头部的存储型隐信道。该算法的SVM分类模型采用合法信道与隐信道的行为特征向量进行训练,并通过测试反馈进行优化。实验结果表明,该算法对基于TCP/IP头部字段的存储型隐信道取得了良好的检测效果。2.现有的时序型隐信道检测算法均是针对专门的时序型隐信道设计的,每个检测算法都有其自身的适用性和局限性。针对该问题,我们设计了基于时序指纹的时序型隐信道综合检测算法,该算法利用现有的四种公认的检测算法(KS检测算法、ε相似度检测算法、Entropy检测算法、CCE检测算法),将这些算法从不同角度的衡量标准联合起来提取指纹特征,并选择四个典型的时序型隐信道,IPCTC、LtoN、TRCTC和MBCTC的时序指纹作为时序型隐信道的指纹特征。该算法训练生成的SVM分类模型,可以识别出基于TCP/IP的时序型隐信道。通过测试实验和盲检测两组实验进行验证,结果表明,该检测算法能有效检测基于TCP/IP的时序型隐信道,并可以在一定程度上对时序型隐信道实现盲检测。3.针对存储型和时序型隐信道检测的实用性问题,我们设计了一个网络协议隐信道检测框架。由于隐信道的检测算法与具体的隐藏算法相关联,现有的检测算法仅能检测一种或几种针对性的隐信道。因此,基于前面两章的检测算法研究,我们提出了一个可实用的网络协议隐信道检测框架,并给出了各模块的功能设计。通过分析,基于该框架的检测系统是高效的、全面的、可扩展的和可学习的,通过这些性质,该系统能够实现对基于TCP/IP的存储型和时序型隐信道的盲检测。4.针对网络协议隐信道构建研究的现状,我们研究了基于HTTP的新型应用层隐信道的设计问题。通过网站访问抓包实验,我们发现了浏览器的HTTP行为:当打开一个网页时,HTTP请求报文和HTTP数据流的分布关系是动态变化的。以浏览器的HTTP行为作载体,我们提出了一个基于HTTP行为的LiHB隐信道,该隐信道采用HTTP请求-流分布的组合数学性质编码嵌入隐秘信息,没有修改HTTP报文的内容或格式,具有很好的隐蔽性和可靠性。而且,LiHB能穿过Web代理服务器,将局域网内的信息泄露出去。针对LiHB存在的不足,我们设计了更隐蔽高效的HBCC隐信道。它采用与合法信道独立同分布的包间间隔序列来模拟正常的HTTP请求分布,又采用网页的频繁访问项集模仿正常用户的浏览模式。实验结果表明,LiHB和HBCC具有很好的可靠性,而且HBCC的信道容量和抗检测性优于LiHB隐信道。
[Abstract]:With the rapid development of the Internet, the research of hidden channels based on network protocols attracts more and more researchers. The network media has the characteristics of dynamic, instantaneous and cardinal numbers. The network protocol is used as the carrier to build covert communication, which has the advantages that other carriers can't compare with. And the security of traditional encryption technology is increasingly getting more and more popular. Threats can not meet the needs of people to transmit information safely. The hidden channel of the network has hidden the existence of secret information, which has become a popular choice. At present, the hidden channel of network protocol has achieved certain achievements in the research of construction, and the research of its detection technology is still in its infancy. Hidden channels cause privacy disclosure, which poses a severe challenge to network security and personal privacy. Therefore, it is necessary to study the hidden channel of network protocol and its detection technology. In view of the research status of the hidden channel of network protocol, this paper deals with the hidden channel of network protocol from two directions of detection technology and new construction scheme. On the basis of the existing storage type and time series implicit channel construction, we propose a multi-dimensional eigenvector detection algorithm based on protocol behavior for the storage type hidden channel based on TCP/IP, and design a sequential hidden channel integrated detection algorithm based on time series fingerprint. Then a practical network protocol hidden channel detection framework is designed. In the construction research, in view of the status of the storage and sequential hidden channel construction, we design a new application layer hidden channel based on the browser HTTP behavior. The main research contents and contributions of this paper are as follows: 1. In the present situation, we study the hidden channel detection technology based on TCP/IP. Since most of the existing hidden channel detection algorithms are target detection, only a stored hidden channel can be detected, and a comprehensive and comprehensive detection algorithm is lacking. Moreover, the existing algorithm only starts with the law of the carrier field value, neglects every one. A header field has its inherent behavioral characteristics. By expressing the behavior characteristics of the TCP/IP head fields with the regularity or correlation of the value of the adjacent packet field, we design a multi-dimensional eigenvector detection algorithm based on the protocol behavior, which can effectively detect the stored hidden channel based on the TCP/IP head. The SVM classification model of the algorithm is trained by the behavior characteristic vector of the legal channel and the hidden channel, and is optimized by the test feedback. The experimental results show that the algorithm has good detection effect on the stored hidden channel based on the TCP/IP head field..2. existing time series hidden channel detection algorithms are targeted to special time. Each detection algorithm has its own applicability and limitation. In order to solve this problem, we design a sequential hidden channel integrated detection algorithm based on time series fingerprint. The algorithm uses four existing recognized detection algorithms (KS detection algorithm, epsilon similarity detection algorithm, Entropy detection algorithm, CCE detection algorithm). These algorithms are combined to extract fingerprint features from different angles and select four typical sequential hidden channels, IPCTC, LtoN, TRCTC and MBCTC as the fingerprint features of the time series hidden channel. The algorithm trains the generated SVM classification model and can identify the sequential hidden channel based on TCP/IP. Test experiments and blind detection of two groups are verified. The results show that the detection algorithm can effectively detect the sequential hidden channel based on TCP/IP, and to a certain extent, we can detect the practicality of the blind detection.3. for the storage and sequential hidden channel detection to a certain extent. We design a network protocol hidden channel detection. Since the detection algorithms of hidden channels are associated with specific hidden algorithms, the existing detection algorithms can only detect one or more specific hidden channels. Therefore, based on the detection algorithms in the previous two chapters, we propose a practical framework for detection of hidden channels for network protocols, and give the function design of each module. Analysis, the detection system based on this framework is efficient, comprehensive, extensible and learning. Through these properties, the system can realize the research on the blind detection of TCP/IP based storage and time series hidden channels for network protocol implicit channel construction. We studied the design of a new application layer hidden channel based on HTTP. Through the web site access experiment, we found the HTTP behavior of the browser: when a web page is opened, the distribution of the HTTP request message and the HTTP data flow is dynamically changed. With the browser's HTTP behavior as the carrier, we propose a LiHB hidden channel based on the HTTP behavior, and the Cain channel uses the HTTP request flow distribution. The combination of mathematical properties encodes embedded secret information and does not modify the content or format of the HTTP message. It has good concealment and reliability. Moreover, LiHB can pass through the Web proxy server to disclose the information in the LAN. In view of the shortcomings of the LiHB, we designed a more hidden and efficient HBCC hidden channel. It is used with the legal channel. The independent and identically distributed interval sequence is used to simulate the normal HTTP request distribution, and the frequent access items of the web page are used to imitate the normal user's browsing mode. The experimental results show that LiHB and HBCC have good reliability, and the channel capacity and anti detectability of HBCC are better than those of LiHB hidden channels.
【学位授予单位】:中国科学技术大学
【学位级别】:博士
【学位授予年份】:2017
【分类号】:TP393.04
本文编号:2169312
[Abstract]:With the rapid development of the Internet, the research of hidden channels based on network protocols attracts more and more researchers. The network media has the characteristics of dynamic, instantaneous and cardinal numbers. The network protocol is used as the carrier to build covert communication, which has the advantages that other carriers can't compare with. And the security of traditional encryption technology is increasingly getting more and more popular. Threats can not meet the needs of people to transmit information safely. The hidden channel of the network has hidden the existence of secret information, which has become a popular choice. At present, the hidden channel of network protocol has achieved certain achievements in the research of construction, and the research of its detection technology is still in its infancy. Hidden channels cause privacy disclosure, which poses a severe challenge to network security and personal privacy. Therefore, it is necessary to study the hidden channel of network protocol and its detection technology. In view of the research status of the hidden channel of network protocol, this paper deals with the hidden channel of network protocol from two directions of detection technology and new construction scheme. On the basis of the existing storage type and time series implicit channel construction, we propose a multi-dimensional eigenvector detection algorithm based on protocol behavior for the storage type hidden channel based on TCP/IP, and design a sequential hidden channel integrated detection algorithm based on time series fingerprint. Then a practical network protocol hidden channel detection framework is designed. In the construction research, in view of the status of the storage and sequential hidden channel construction, we design a new application layer hidden channel based on the browser HTTP behavior. The main research contents and contributions of this paper are as follows: 1. In the present situation, we study the hidden channel detection technology based on TCP/IP. Since most of the existing hidden channel detection algorithms are target detection, only a stored hidden channel can be detected, and a comprehensive and comprehensive detection algorithm is lacking. Moreover, the existing algorithm only starts with the law of the carrier field value, neglects every one. A header field has its inherent behavioral characteristics. By expressing the behavior characteristics of the TCP/IP head fields with the regularity or correlation of the value of the adjacent packet field, we design a multi-dimensional eigenvector detection algorithm based on the protocol behavior, which can effectively detect the stored hidden channel based on the TCP/IP head. The SVM classification model of the algorithm is trained by the behavior characteristic vector of the legal channel and the hidden channel, and is optimized by the test feedback. The experimental results show that the algorithm has good detection effect on the stored hidden channel based on the TCP/IP head field..2. existing time series hidden channel detection algorithms are targeted to special time. Each detection algorithm has its own applicability and limitation. In order to solve this problem, we design a sequential hidden channel integrated detection algorithm based on time series fingerprint. The algorithm uses four existing recognized detection algorithms (KS detection algorithm, epsilon similarity detection algorithm, Entropy detection algorithm, CCE detection algorithm). These algorithms are combined to extract fingerprint features from different angles and select four typical sequential hidden channels, IPCTC, LtoN, TRCTC and MBCTC as the fingerprint features of the time series hidden channel. The algorithm trains the generated SVM classification model and can identify the sequential hidden channel based on TCP/IP. Test experiments and blind detection of two groups are verified. The results show that the detection algorithm can effectively detect the sequential hidden channel based on TCP/IP, and to a certain extent, we can detect the practicality of the blind detection.3. for the storage and sequential hidden channel detection to a certain extent. We design a network protocol hidden channel detection. Since the detection algorithms of hidden channels are associated with specific hidden algorithms, the existing detection algorithms can only detect one or more specific hidden channels. Therefore, based on the detection algorithms in the previous two chapters, we propose a practical framework for detection of hidden channels for network protocols, and give the function design of each module. Analysis, the detection system based on this framework is efficient, comprehensive, extensible and learning. Through these properties, the system can realize the research on the blind detection of TCP/IP based storage and time series hidden channels for network protocol implicit channel construction. We studied the design of a new application layer hidden channel based on HTTP. Through the web site access experiment, we found the HTTP behavior of the browser: when a web page is opened, the distribution of the HTTP request message and the HTTP data flow is dynamically changed. With the browser's HTTP behavior as the carrier, we propose a LiHB hidden channel based on the HTTP behavior, and the Cain channel uses the HTTP request flow distribution. The combination of mathematical properties encodes embedded secret information and does not modify the content or format of the HTTP message. It has good concealment and reliability. Moreover, LiHB can pass through the Web proxy server to disclose the information in the LAN. In view of the shortcomings of the LiHB, we designed a more hidden and efficient HBCC hidden channel. It is used with the legal channel. The independent and identically distributed interval sequence is used to simulate the normal HTTP request distribution, and the frequent access items of the web page are used to imitate the normal user's browsing mode. The experimental results show that LiHB and HBCC have good reliability, and the channel capacity and anti detectability of HBCC are better than those of LiHB hidden channels.
【学位授予单位】:中国科学技术大学
【学位级别】:博士
【学位授予年份】:2017
【分类号】:TP393.04
【相似文献】
相关期刊论文 前10条
1 李元忠;航天电子设备信道综合利用概述[J];电讯技术;1983年06期
2 张军,,潘磊,方新,张其善;甚高频空地数据链信道访问模型及性能分析[J];航空学报;1999年04期
3 刘达明;汪一鸣;叶丹;;认知用户信道随机选择和最优选择策略的性能比较[J];苏州大学学报(工科版);2009年03期
4 冯慧江;;分组数据通过卫星信道传输若干问题的分析[J];无线电通信技术;1991年02期
5 耿翠英,关哲刚,张华锋;数据信号在通信信道传输中附加干扰的抑制[J];齐齐哈尔大学学报;2000年03期
6 曾昆;彭启航;唐友喜;;报告信道传输错误环境下协作感知最优用户数分析[J];信号处理;2011年03期
7 鲁伟;孙建锋;潘卫清;曲伟娟;朱勇健;阳庆国;刘立人;;空潜信道中基于多光束阵列的二维图案传输[J];中国激光;2006年07期
8 卢志忠,孙红敏,李玉清;低压电力线载波通信信道传输特性分析[J];黑龙江电力;2002年06期
9 苗长云,梁全市,薛鹏骞,杨维;市话信道测试研究[J];阜新矿业学院学报(自然科学版);1993年03期
10 Avaya Inc.;综合布线系统信道富余量对网络传输性能的影响[J];电信工程技术与标准化;2001年02期
相关会议论文 前1条
1 魏芳;;浅议IEEE802.11e中的TXOP[A];四川省通信学会2009年学术年会论文集[C];2009年
相关重要报纸文章 前6条
1 ;信道富余量对网络传输性能的影响[N];网络世界;2001年
2 谭立华;上网永远免费在线[N];中国计算机报;2001年
3 ;上海贝尔AO/DI解决方案及优势[N];人民邮电;2001年
4 陈飞雪;802.11n标准引爆无线革命[N];中国计算机报;2007年
5 苏成富;数据压缩技术简介⑤[N];北京电子报;2001年
6 ;WiMAX标准的特点[N];人民邮电;2005年
相关博士学位论文 前10条
1 吴翔宇;同时同频全双工自干扰信道测量与特征分析[D];电子科技大学;2015年
2 周涛;高速铁路无线信道传播特性、建模与测量方法研究[D];北京交通大学;2016年
3 张明科;基于纳米工艺的高速自适应均衡技术的研究与实现[D];东南大学;2015年
4 李彩华;现代化GNSS信号收发信道关键技术研究[D];国防科学技术大学;2015年
5 沈瑶;网络协议隐信道检测与新型构建方案研究[D];中国科学技术大学;2017年
6 何修富;OFDM信道盲估计方法研究[D];西安电子科技大学;2009年
7 张明;宽带多天线无线传播信道的特性、测量和建模研究[D];北京邮电大学;2008年
8 毕见鑫;子波理论在信道传输中的应用研究[D];西安电子科技大学;2001年
9 郭晶;随机信道下无线通信的安全机制分析与设计[D];清华大学;2011年
10 刘郁林;无线通信中对时变色散信道的盲均衡与盲辩识方法研究[D];电子科技大学;2002年
相关硕士学位论文 前10条
1 张平娟;无线信道中的密钥进化与加密[D];西安电子科技大学;2014年
2 陈晓峰;信道模拟器关键技术研究与实现[D];西安电子科技大学;2014年
3 赵雪丽;散射信道测量方案的研究[D];西安电子科技大学;2014年
4 杜娟;CO-OFDM系统中I/Q不平衡和信道估计补偿算法的研究[D];上海交通大学;2015年
5 肖晶成;虚拟Massive MIMO信道测量系统的研制及大尺度衰落分析[D];北京交通大学;2016年
6 朱进;短距毫米波无线信道测量与建模技术研究[D];东南大学;2015年
7 黄雷;短距离无线信道测量及其传播性能分析[D];南京信息工程大学;2016年
8 任和;平行信道的可靠通信研究[D];电子科技大学;2016年
9 杨亚军;基于压缩感知的多载波系统信道估计研究[D];南京邮电大学;2016年
10 吴慧君;超级信道光网络中先进调制方式光信号性能监控研究[D];南京邮电大学;2016年
本文编号:2169312
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2169312.html
