本文選題：隱蔽信道　切入點(diǎn)：Web應(yīng)用　出處：《南京理工大學(xué)》2017年碩士論文　論文類型：學(xué)位論文

【摘要】：網(wǎng)絡(luò)隱蔽信道為因特網(wǎng)中的兩個(gè)通信實(shí)體提供了信息隱蔽傳輸?shù)哪芰?它利用因特網(wǎng)中無(wú)處不在的協(xié)議數(shù)據(jù)包作為載體進(jìn)行信息的隱蔽傳輸,因此它是網(wǎng)絡(luò)環(huán)境安全的嚴(yán)重威脅之一。HTTP協(xié)議作為因特網(wǎng)上最常用的協(xié)議之一,大約占了因特網(wǎng)上所有流量的一半,因此也成了網(wǎng)絡(luò)隱蔽信道滋生的沃土。目前已經(jīng)存在的基于HTTP協(xié)議的隱蔽信道大部分都是利用網(wǎng)頁(yè)重定向、Cookies、HTTP請(qǐng)求頭和HTML元素等來(lái)進(jìn)行構(gòu)造。本文針對(duì)現(xiàn)存的基于HTTP協(xié)議的網(wǎng)絡(luò)隱蔽信道的一些不足之處,利用HTTP請(qǐng)求行為和樹(shù)這種數(shù)據(jù)結(jié)構(gòu),提出了一種基于Web應(yīng)用目錄樹(shù)的隱蔽信道構(gòu)造方法。本文提出在HTTP協(xié)議上利用瀏覽器發(fā)出的HTTP請(qǐng)求來(lái)構(gòu)造隱蔽信道,不需要使用額外的客戶端程序;通過(guò)多主機(jī)和多Web應(yīng)用構(gòu)成多路徑請(qǐng)求傳輸模式,利用多個(gè)瀏覽器向不同的Web應(yīng)用發(fā)送HTTP請(qǐng)求來(lái)傳輸隱蔽信息片段,使得隱蔽信道具有較高的信道容量和較強(qiáng)的隱蔽性;提出了模擬HTTP數(shù)據(jù)包間間隔的方案來(lái)模擬正常的瀏覽器的請(qǐng)求行為,可以提高隱蔽信道的抗檢測(cè)性能;而HTTP協(xié)議在運(yùn)輸層使用了 TCP協(xié)議的可靠傳輸服務(wù),因此該隱蔽信道即使在較差的網(wǎng)絡(luò)環(huán)境中遇到HTTP數(shù)據(jù)包丟失和亂序等情況的概率也比較低。本文致力于設(shè)計(jì)并實(shí)現(xiàn)基于Web應(yīng)用目錄樹(shù)的隱蔽信道構(gòu)造方法,并通過(guò)實(shí)驗(yàn)結(jié)果評(píng)價(jià)了該隱蔽信道的容量、魯棒性和隱蔽性。實(shí)驗(yàn)證明,隱蔽信道能夠躲避現(xiàn)有的兩種檢測(cè)基于HTTP協(xié)議隱蔽信道的方法(基于協(xié)議指紋的檢測(cè)方法和基于應(yīng)用簽名的檢測(cè)方法)。在網(wǎng)絡(luò)環(huán)境較差的情況下,該信道仍具有較好的信道容量、魯棒性和隱蔽性,因此它是一種新型和有效的基于HTTP請(qǐng)求行為的網(wǎng)絡(luò)隱蔽信道。
[Abstract]:The network covert channel provides the ability of information covert transmission for two communication entities in the Internet. It uses the ubiquitous protocol packets in the Internet as the carrier to carry out the covert transmission of information. Therefore, it is one of the serious threats to the security of the network environment. As one of the most commonly used protocols on the Internet, the HTTP protocol accounts for about half of all traffic on the Internet. Most of the existing covert channels based on HTTP protocol are constructed by using web page redirect Cookies-HTTP request header and HTML elements, etc. This paper aims at the existing covert channels based on HTTP protocol. Some shortcomings of the network covert channel of HTTP protocol, Based on the data structure of HTTP request behavior and tree, a method of constructing covert channel based on Web application directory tree is proposed. In this paper, the covert channel is constructed by using HTTP request made by browser on HTTP protocol. There is no need to use additional client programs; multipath request transmission mode is formed by multi-host and multi-#en0# applications, HTTP requests are sent by multiple browsers to different Web applications to transmit covert information fragments. It makes the covert channel have higher channel capacity and better concealment. A scheme of simulating the interval between HTTP packets is proposed to simulate the request behavior of the normal browser, which can improve the anti-detection performance of the covert channel. The HTTP protocol uses the reliable transport service of the TCP protocol in the transport layer. Therefore, the probability of the covert channel encountered in the case of HTTP packet loss and disorder in a poor network environment is relatively low. This paper is devoted to design and implement a method of constructing covert channel based on Web application directory tree. The capacity, robustness and concealment of the covert channel are evaluated by experimental results. The covert channel can avoid the existing two methods of detecting the covert channel based on HTTP protocol (the detection method based on the protocol fingerprint and the detection method based on the application signature). This channel still has good channel capacity, robustness and concealment, so it is a new and effective covert channel based on HTTP request behavior.
【學(xué)位授予單位】：南京理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP393.08

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 王永吉;吳敬征;曾海濤;丁麗萍;廖曉鋒;;隱蔽信道研究[J];軟件學(xué)報(bào);2010年09期

2 張樹(shù)勇;萬(wàn)厚沖;;基于模型的時(shí)間隱蔽信道的一種算法[J];科技風(fēng);2010年05期

3 汪婧;高能;林t燂，

本文編號(hào)：1568646