Research on Key Technologies for VPN Protocol Identification
Topic: autocorrelation detection + Fourier transform; Reference: Zhejiang Sci-Tech University, 2017 master's thesis
[Abstract]: As VPN technology has come into wide use by enterprises and individuals, VPN traffic is encrypted and private in order to secure data in transit. As encryption strength keeps increasing, however, auditing VPN protocols becomes harder, so the very techniques that secure VPN networks have also become a constraint on VPN protocol identification. Identifying the encrypted data within VPN protocols is a key problem in this field, and this thesis proposes a new autocorrelation-based randomness detection algorithm for it. The algorithm first computes the shifted autocorrelation of the sample data sequence; to speed up detection, it uses the Fourier transform and the inverse Fourier transform to compute the correlation values quickly, which raises the speed of encrypted-stream identification while maintaining a high detection rate. In the experiments, random sequences were collected from encrypted samples of different file types and the sample set was processed with the algorithm; the results show that it performs well at detecting randomness in data.

On the identification method, to filter and classify VPN traffic more precisely, a VPN protocol active identification system based on the Mina2 asynchronous framework was designed and implemented, using an active-identification approach suited to VPN protocols. Unlike the conventional approach of obtaining data through port mirroring for protocol identification and classification, active identification constructs VPN request messages, interacts actively with the server, and matches the responses against VPN protocol features. This addresses the missed detections and false positives that conventional port-mirroring methods are prone to because of limited hardware performance. The experiments use the Apache Mina2 network application framework, which is based on an asynchronous event-triggering mechanism, and identify VPN protocols accurately by establishing active connections to the target server. The system's experimental results show a high identification rate for VPN protocols, mainly PPTP, L2TP and OpenVPN, providing an efficient and feasible solution for VPN protocol identification. The results indicate that a passive identification mode based purely on protocol features is not suitable for identifying and classifying VPN protocols, whereas the active identification mode achieves better identification and classification results. Through these two lines of research, this thesis makes VPN protocol identification more accurate and its results more stable.
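The FFT-based autocorrelation check described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the abstract does not give the test statistic or thresholds, so the circular shift, the 4096-bit window, the z-score limit of 3 and the 2% outlier fraction are all assumptions, and both sample inputs are constructed.

```python
import cmath, hashlib, math

def fft(a, invert=False):
    """Recursive radix-2 FFT (unnormalised); len(a) must be a power of two."""
    n = len(a)
    if n == 1:
        return list(a)
    even, odd = fft(a[0::2], invert), fft(a[1::2], invert)
    sign = 1 if invert else -1
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(sign * 2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def autocorr_z(data, nbits=4096):
    """z-scores of the circular autocorrelation at shifts 1..nbits/2-1."""
    if len(data) * 8 < nbits:
        raise ValueError("need at least nbits/8 bytes")
    # Map bit 1 -> +1 and bit 0 -> -1 so an unbiased stream has zero mean.
    bits = [1.0 if (data[i // 8] >> (7 - i % 8)) & 1 else -1.0 for i in range(nbits)]
    power = [abs(c) ** 2 for c in fft(bits)]
    # Wiener-Khinchin: the inverse FFT of the power spectrum yields the
    # correlation at every shift at once, in O(n log n) instead of O(n^2).
    corr = [c.real / nbits for c in fft(power, invert=True)]
    # For independent random bits each shifted sum has variance nbits.
    return [corr[d] / math.sqrt(nbits) for d in range(1, nbits // 2)]

def looks_encrypted(data, z_limit=3.0, max_outlier_frac=0.02):
    """True when almost no shift shows significant correlation (assumed rule)."""
    z = autocorr_z(data)
    outliers = sum(1 for v in z if abs(v) > z_limit)
    return outliers / len(z) <= max_outlier_frac

# Constructed samples (not from the thesis): a hash-derived stream standing in
# for ciphertext, and a repeated plaintext HTTP request.
CIPHER_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
PLAINTEXT = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 11)[:512]

if __name__ == "__main__":
    print("cipher-like:", looks_encrypted(CIPHER_LIKE))
    print("plaintext:  ", looks_encrypted(PLAINTEXT))
```

ASCII plaintext fails the check mainly because the top bit of every byte is zero, which produces a strong correlation at every shift that is a multiple of 8 bits.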
[Degree-granting institution]: Zhejiang Sci-Tech University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08
Article ID: 1999826
Article link: http://sikaile.net/guanlilunwen/ydhl/1999826.html