基于隐蔽信息存储分布的隐蔽信道研究
发布时间:2018-12-13 07:42
【摘要】:随着网络安全问题的日益突出,隐蔽信道作为重要的网络危害之一,逐渐成为学术研究热点。根据隐蔽信息的载体的不同,隐蔽信道分为时间式和存储式隐蔽信道,另外还有多链路式隐蔽信道以及基于包长度的长度式隐蔽信道。本文针对已有的长度式隐蔽信道在统计特征和信道熵中与合法信道的差异问题,提出一种基于隐蔽信息存储分布的隐蔽信道构造方法。首先将不同编码方式下的隐蔽信息转换为二进制比特流,在该比特流中依次取特定长度的比特串,我们统计比特串的不同取值在比特流中出现的概率,分析这种概率不同的原因以及对传统长度式隐蔽信道的影响。然后将这一因素考虑到长度式隐蔽信道的构建中,设计了新的长度式隐蔽信道构造方法。针对信道熵增加的问题,本文设计了一种新型有效的熵调节机制,调节信道的熵到合法范围内。同时实现了经典的参考长度隐蔽信道NTNCC,利用NTNCC和合法信道的数据流特征参数,得出检测信道的统计特征和熵特征的阈值,最后使用统计特征和熵检测两种方法检测了本文设计的隐蔽信道模型的隐蔽性,对比合法信道、NTNCC以及本文设计的隐蔽信道的相关特征的检测结果。实验结果表明,和传统参考长度隐蔽信道NTNCC相比,本文设计的长度式隐蔽信道方法,信道的统计特征和熵更接近合法信道,具有更好的隐蔽性。
[Abstract]:With the increasingly prominent network security issues, covert channel, as one of the important network hazards, has gradually become a hot academic research. According to the carrier of covert information, the covert channel can be divided into temporal and storage covert channels, multi-link covert channels and packet-based covert channels. In this paper, a method of constructing covert channels based on the distribution of hidden information storage is proposed to solve the statistical characteristics and the differences between the existing length covert channels and legitimate channels in terms of channel entropy and statistical characteristics. Firstly, the covert information in different coding modes is converted into binary bit stream. In this bit stream, the bit string of specific length is taken in turn, and we calculate the probability of the different values of bit string appearing in the bit stream. The reasons for the different probabilities and the influence on the traditional length covert channels are analyzed. Then this factor is taken into account in the construction of the long covert channel and a new method of constructing the long covert channel is designed. Aiming at the problem of increasing channel entropy, this paper designs a new and effective entropy regulation mechanism, which adjusts the channel entropy to the legal range. At the same time, the classical reference length covert channel NTNCC, uses the NTNCC and the data flow characteristic parameters of the legal channel to obtain the statistical characteristics of the detection channel and the threshold value of the entropy feature. Finally, the concealment of the covert channel model designed in this paper is detected by using statistical features and entropy detection, and the detection results of the legal channel, NTNCC and the covert channel characteristics designed in this paper are compared. The experimental results show that compared with the traditional reference length covert channel (NTNCC), the statistical characteristics and entropy of the proposed method are closer to the legal channel and have better concealment.
【学位授予单位】:南京理工大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
本文编号:2376174
[Abstract]:With the increasingly prominent network security issues, covert channel, as one of the important network hazards, has gradually become a hot academic research. According to the carrier of covert information, the covert channel can be divided into temporal and storage covert channels, multi-link covert channels and packet-based covert channels. In this paper, a method of constructing covert channels based on the distribution of hidden information storage is proposed to solve the statistical characteristics and the differences between the existing length covert channels and legitimate channels in terms of channel entropy and statistical characteristics. Firstly, the covert information in different coding modes is converted into binary bit stream. In this bit stream, the bit string of specific length is taken in turn, and we calculate the probability of the different values of bit string appearing in the bit stream. The reasons for the different probabilities and the influence on the traditional length covert channels are analyzed. Then this factor is taken into account in the construction of the long covert channel and a new method of constructing the long covert channel is designed. Aiming at the problem of increasing channel entropy, this paper designs a new and effective entropy regulation mechanism, which adjusts the channel entropy to the legal range. At the same time, the classical reference length covert channel NTNCC, uses the NTNCC and the data flow characteristic parameters of the legal channel to obtain the statistical characteristics of the detection channel and the threshold value of the entropy feature. Finally, the concealment of the covert channel model designed in this paper is detected by using statistical features and entropy detection, and the detection results of the legal channel, NTNCC and the covert channel characteristics designed in this paper are compared. The experimental results show that compared with the traditional reference length covert channel (NTNCC), the statistical characteristics and entropy of the proposed method are closer to the legal channel and have better concealment.
【学位授予单位】:南京理工大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.08
【参考文献】
相关期刊论文 前7条
1 钱玉文;李勇;王执铨;;网络包长度隐蔽信道的建模与仿真[J];系统仿真学报;2010年07期
2 王华翔;;基于IP数据包生存期的隐蔽信道[J];网络安全技术与应用;2010年06期
3 杨智丹;刘克胜;王康;汪松鹤;;基于IP报头选项的网络隐蔽通道技术[J];计算机工程;2009年13期
4 姚全珠;张鹏;;基于数据包长度的网络隐蔽通道[J];计算机工程;2008年03期
5 孙星明;黄华军;王保卫;孙光;黄俊伟;;一种基于等价标记的网页信息隐藏算法[J];计算机研究与发展;2007年05期
6 邹昕光;;基于FTP协议的命令序列隐蔽信道[J];哈尔滨工业大学学报;2007年03期
7 訾小超;姚立红;李斓;;一种基于有限状态机的隐含信息流分析方法[J];计算机学报;2006年08期
,本文编号:2376174
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2376174.html
