Research and Implementation of a Network Covert Channel Detection System
Published: 2018-08-14 17:00
[Abstract]: As network technology continues to develop, data leakage in networks is becoming increasingly serious, and the firewalls and intrusion detection systems widely and successfully deployed in networks can no longer meet the needs of network security protection. In recent years in particular, security threats based on covert channels have been growing, so research on covert channel detection systems for protecting internal data has practical guiding value. The thesis first introduces the mechanisms of covert channels and analyzes the related detection techniques, finding that current covert channel detection research has to assume the channel is already known and can generally detect only a single channel. In a real deployment, however, blind detection of multiple different types of channels is a basic requirement for a detection system. Starting from the system design requirements, the thesis analyzes, under the channel detection requirements, the principles and channel characteristics of existing classic covert channels and classifies them from the perspective of detection method into three channel types: pattern-based covert channels (PCC), knowledge-based covert channels (KCC), and statistics-based covert channels (SCC). This classification provides the basis for designing the detection strategy, while the environment requirements and management requirements place demands on the system configuration design. A network covert channel detection system is then designed and built. Its detection module contains three detectors, PCC, KCC, and SCC, each targeting a different type of covert channel: the PCC detector identifies channels by matching rules on channel characteristics, the KCC detector identifies channels using knowledge of the local network environment, and the SCC detector uses a density-based clustering detection algorithm. The three detectors work independently while remaining coordinated and complementary. The implementation of each module of the system is described in detail. A simulated test environment was built, and different network scenarios were set up to test and verify the usability of the detector functions and the effectiveness of the detection strategy. The results show that the system achieves blind detection of covert channels in the network, is functionally comprehensive, detects channels well, and has good generality and extensibility.
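[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08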
Article ID: 2183521
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2183521.html