
Research and Implementation of an SSH Flow Classification System Based on Behavioral Features

Published: 2018-05-29 19:09

  Topics: data privacy + SSH tunneling; Source: Shandong University, master's thesis, 2014


[Abstract]: Network technology has developed rapidly in recent years, and information networks play an increasingly important role in supporting social development. At the same time, hacking incidents and privacy leaks occur regularly, and network security is receiving more and more attention. Antivirus software and security suites alone can no longer guarantee the security of a running computer system, particularly the privacy of its communications, so more and more applications encrypt their traffic to protect users' communication privacy. Encrypting traffic through application-layer tunnels such as SSH is becoming increasingly common. On the one hand, people use encrypted tunnels to protect the privacy of their communication data; on the other hand, they want to keep their behavior private, such as the types of applications they use; and some people use SSH and similar tunnels to hide illegal activities. Identifying encrypted tunnel traffic is therefore becoming increasingly important.

As the number of application protocols grows, network applications can no longer strictly follow the rule of providing services on uniformly assigned ports, and the effectiveness of port-based traffic identification has dropped sharply. Because the data packets in SSH communication are encrypted, identification methods such as protocol model matching and payload-based detection no longer apply.

Although the data packets in SSH communication are ciphertext, the packets sent to establish the secure connection before data transfer begins are plaintext, and the packet lengths, packet inter-arrival times, packet directions and arrival order during communication are all observable. This thesis designs its algorithm around these characteristics. First, it combines port-based identification with payload-feature-based identification to pick out the SSH flows in the network. Then it classifies those SSH flows using behavior-based application protocol identification. It selects seven features: the TCP payload length and the packet inter-arrival time of the forward, reverse and bidirectional flows, plus the proportion of reverse packets. The training set is used to compute the expectation and variance of each feature for every application class to be identified. For a given flow, the expectation and variance of each feature are computed, then the probability that the flow belongs to each class is computed, and the flow is assigned to the class with the highest probability.

With the proposed identification algorithm at its core, an SSH flow classification system was built. The system has four parts: a data acquisition module, an SSH flow classification module, a database module and a display module. The data acquisition module captures the packets on the network and passes them to the SSH flow classification module, the core of the system, for identification and classification. The classification module writes the packet preprocessing results and the identification results to the database module for the display module to use. By reading the stored preprocessing and identification results, the display module shows the user the changes in network flows and the SSH flow identification results.
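The two stages described in the abstract, sketched as an added example that is not code from the thesis. Assumptions: stage 1 accepts port 22 or the cleartext `SSH-` identification string that opens an SSH connection; each feature is reduced to a per-flow mean; the class probability is a Gaussian likelihood; and the class names and sample flows are constructed for illustration.

```python
import math
from statistics import mean, pvariance

# Packet = (timestamp_s, direction, tcp_payload_len); direction +1 forward, -1 reverse.

def is_ssh(port, first_payload):
    # Stage 1 (assumed rule): well-known port OR the cleartext "SSH-" version banner.
    return port == 22 or first_payload.startswith(b"SSH-")

def _mean_gap(seq):
    times = [p[0] for p in seq]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return mean(gaps) if gaps else 0.0

def features(pkts):
    # Seven features: mean payload length and mean inter-arrival time for the
    # forward, reverse and bidirectional sequences, plus the reverse-packet share.
    fwd = [p for p in pkts if p[1] > 0]
    rev = [p for p in pkts if p[1] < 0]
    out = []
    for seq in (fwd, rev, pkts):
        out.append(mean(p[2] for p in seq) if seq else 0.0)
        out.append(_mean_gap(seq))
    out.append(len(rev) / len(pkts))
    return out

def train(labelled):
    # {class: [flow, ...]} -> {class: [(mean, variance) per feature]}
    model = {}
    for cls, flows in labelled.items():
        cols = zip(*(features(f) for f in flows))
        # Variance floor keeps a constant feature from dividing by zero.
        model[cls] = [(mean(c), max(pvariance(c), 1e-6)) for c in cols]
    return model

def classify(model, pkts):
    # Gaussian log-likelihood per class (assumed model); the highest score wins.
    x = features(pkts)
    def score(stats):
        return sum(-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
                   for xi, (m, v) in zip(x, stats))
    return max(model, key=lambda cls: score(model[cls]))

def make_flow(fwd_len, rev_len, gap, k, n=20):
    # Constructed sample flow: k forward packets, then one reverse packet, repeated.
    return [(i * gap, -1 if i % (k + 1) == k else 1,
             rev_len if i % (k + 1) == k else fwd_len) for i in range(n)]

TRAINING = {  # constructed data and hypothetical class names, not from the thesis
    "interactive": [make_flow(48, 64, 0.20, 1), make_flow(52, 80, 0.25, 1), make_flow(40, 96, 0.15, 1)],
    "file-transfer": [make_flow(1400, 32, 0.002, 3), make_flow(1360, 32, 0.001, 3), make_flow(1448, 48, 0.003, 3)],
}
MODEL = train(TRAINING)
```

The payloads stay encrypted throughout: only sizes, timing and direction feed the classifier, which is why tunnelled application types remain distinguishable to a network monitor.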
[Degree-granting institution]: Shandong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08

