發(fā)布時(shí)間：2018-08-07 07:33

【摘要】：隨著互聯(lián)網(wǎng)的蓬勃發(fā)展,基于網(wǎng)絡(luò)協(xié)議的隱信道研究吸引了越來越多研究者的關(guān)注。網(wǎng)絡(luò)媒介具有動(dòng)態(tài)性、瞬時(shí)性和基數(shù)大等特性,以網(wǎng)絡(luò)協(xié)議為載體構(gòu)建隱蔽通信,具有其他載體無法比擬的優(yōu)勢(shì)。加之傳統(tǒng)加密技術(shù)的安全性日漸受到威脅,已不能滿足人們對(duì)信息安全傳輸?shù)男枰６W(wǎng)絡(luò)隱信道隱藏了隱秘信息的存在,成為備受人們青睞的選擇。目前,網(wǎng)絡(luò)協(xié)議隱信道在構(gòu)建研究方面已經(jīng)取得了一定的成果,而其檢測(cè)技術(shù)研究尚處于起步階段。目前已有木馬結(jié)合網(wǎng)絡(luò)隱信道造成隱私泄露事件,這給網(wǎng)絡(luò)安全與個(gè)人隱私安全帶來了嚴(yán)峻的挑戰(zhàn)。因此,研究網(wǎng)絡(luò)協(xié)議隱信道及其檢測(cè)技術(shù)是非常有必要的。針對(duì)網(wǎng)絡(luò)協(xié)議隱信道的研究現(xiàn)狀,本文分別從檢測(cè)技術(shù)和新型構(gòu)建方案兩個(gè)方向?qū)W(wǎng)絡(luò)協(xié)議隱信道展開研究。在檢測(cè)研究方面,我們?cè)诂F(xiàn)有的存儲(chǔ)型和時(shí)序型隱信道構(gòu)建研究的基礎(chǔ)上,針對(duì)基于TCP/IP的存儲(chǔ)型隱信道,提出了基于協(xié)議行為的多維特征向量檢測(cè)算法;對(duì)時(shí)序型隱信道,設(shè)計(jì)了基于時(shí)序指紋的時(shí)序型隱信道綜合檢測(cè)算法;然后設(shè)計(jì)出一個(gè)實(shí)用的網(wǎng)絡(luò)協(xié)議隱信道檢測(cè)框架。在構(gòu)建研究方面,鑒于存儲(chǔ)型和時(shí)序型隱信道的構(gòu)建研究現(xiàn)狀,我們?cè)O(shè)計(jì)了一種基于瀏覽器HTTP行為的新型應(yīng)用層隱信道。本文的主要研究內(nèi)容和貢獻(xiàn)總結(jié)如下:1.基于存儲(chǔ)型隱信道的研究現(xiàn)狀,我們研究了基于TCP/IP的存儲(chǔ)型隱信道檢測(cè)技術(shù)。由于現(xiàn)有的存儲(chǔ)型隱信道檢測(cè)算法大都是目標(biāo)檢測(cè),僅能針對(duì)性地檢測(cè)某個(gè)存儲(chǔ)型隱信道,缺少一種全面綜合的檢測(cè)算法。而且,現(xiàn)有的算法僅從載體字段值的規(guī)律入手,忽略了每個(gè)頭部字段均有其固有的行為特征。通過將TCP/IP各頭部字段的行為特征用相鄰數(shù)據(jù)包字段值的規(guī)律性或相關(guān)性表示出來,我們?cè)O(shè)計(jì)了一個(gè)基于協(xié)議行為的多維特征向量檢測(cè)算法,該算法可以有效地檢測(cè)基于TCP/IP頭部的存儲(chǔ)型隱信道。該算法的SVM分類模型采用合法信道與隱信道的行為特征向量進(jìn)行訓(xùn)練,并通過測(cè)試反饋進(jìn)行優(yōu)化。實(shí)驗(yàn)結(jié)果表明,該算法對(duì)基于TCP/IP頭部字段的存儲(chǔ)型隱信道取得了良好的檢測(cè)效果。2.現(xiàn)有的時(shí)序型隱信道檢測(cè)算法均是針對(duì)專門的時(shí)序型隱信道設(shè)計(jì)的,每個(gè)檢測(cè)算法都有其自身的適用性和局限性。針對(duì)該問題,我們?cè)O(shè)計(jì)了基于時(shí)序指紋的時(shí)序型隱信道綜合檢測(cè)算法,該算法利用現(xiàn)有的四種公認(rèn)的檢測(cè)算法(KS檢測(cè)算法、ε相似度檢測(cè)算法、Entropy檢測(cè)算法、CCE檢測(cè)算法),將這些算法從不同角度的衡量標(biāo)準(zhǔn)聯(lián)合起來提取指紋特征,并選擇四個(gè)典型的時(shí)序型隱信道,IPCTC、LtoN、TRCTC和MBCTC的時(shí)序指紋作為時(shí)序型隱信道的指紋特征。該算法訓(xùn)練生成的SVM分類模型,可以識(shí)別出基于TCP/IP的時(shí)序型隱信道。通過測(cè)試實(shí)驗(yàn)和盲檢測(cè)兩組實(shí)驗(yàn)進(jìn)行驗(yàn)證,結(jié)果表明,該檢測(cè)算法能有效檢測(cè)基于TCP/IP的時(shí)序型隱信道,并可以在一定程度上對(duì)時(shí)序型隱信道實(shí)現(xiàn)盲檢測(cè)。3.針對(duì)存儲(chǔ)型和時(shí)序型隱信道檢測(cè)的實(shí)用性問題,我們?cè)O(shè)計(jì)了一個(gè)網(wǎng)絡(luò)協(xié)議隱信道檢測(cè)框架。由于隱信道的檢測(cè)算法與具體的隱藏算法相關(guān)聯(lián),現(xiàn)有的檢測(cè)算法僅能檢測(cè)一種或幾種針對(duì)性的隱信道。因此,基于前面兩章的檢測(cè)算法研究,我們提出了一個(gè)可實(shí)用的網(wǎng)絡(luò)協(xié)議隱信道檢測(cè)框架,并給出了各模塊的功能設(shè)計(jì)。通過分析,基于該框架的檢測(cè)系統(tǒng)是高效的、全面的、可擴(kuò)展的和可學(xué)習(xí)的,通過這些性質(zhì),該系統(tǒng)能夠?qū)崿F(xiàn)對(duì)基于TCP/IP的存儲(chǔ)型和時(shí)序型隱信道的盲檢測(cè)。4.針對(duì)網(wǎng)絡(luò)協(xié)議隱信道構(gòu)建研究的現(xiàn)狀,我們研究了基于HTTP的新型應(yīng)用層隱信道的設(shè)計(jì)問題。通過網(wǎng)站訪問抓包實(shí)驗(yàn),我們發(fā)現(xiàn)了瀏覽器的HTTP行為:當(dāng)打開一個(gè)網(wǎng)頁時(shí),HTTP請(qǐng)求報(bào)文和HTTP數(shù)據(jù)流的分布關(guān)系是動(dòng)態(tài)變化的。以瀏覽器的HTTP行為作載體,我們提出了一個(gè)基于HTTP行為的LiHB隱信道,該隱信道采用HTTP請(qǐng)求-流分布的組合數(shù)學(xué)性質(zhì)編碼嵌入隱秘信息,沒有修改HTTP報(bào)文的內(nèi)容或格式,具有很好的隱蔽性和可靠性。而且,LiHB能穿過Web代理服務(wù)器,將局域網(wǎng)內(nèi)的信息泄露出去。針對(duì)LiHB存在的不足,我們?cè)O(shè)計(jì)了更隱蔽高效的HBCC隱信道。它采用與合法信道獨(dú)立同分布的包間間隔序列來模擬正常的HTTP請(qǐng)求分布,又采用網(wǎng)頁的頻繁訪問項(xiàng)集模仿正常用戶的瀏覽模式。實(shí)驗(yàn)結(jié)果表明,LiHB和HBCC具有很好的可靠性,而且HBCC的信道容量和抗檢測(cè)性優(yōu)于LiHB隱信道。
[Abstract]:With the rapid development of the Internet, the research of hidden channels based on network protocols attracts more and more researchers. The network media has the characteristics of dynamic, instantaneous and cardinal numbers. The network protocol is used as the carrier to build covert communication, which has the advantages that other carriers can't compare with. And the security of traditional encryption technology is increasingly getting more and more popular. Threats can not meet the needs of people to transmit information safely. The hidden channel of the network has hidden the existence of secret information, which has become a popular choice. At present, the hidden channel of network protocol has achieved certain achievements in the research of construction, and the research of its detection technology is still in its infancy. Hidden channels cause privacy disclosure, which poses a severe challenge to network security and personal privacy. Therefore, it is necessary to study the hidden channel of network protocol and its detection technology. In view of the research status of the hidden channel of network protocol, this paper deals with the hidden channel of network protocol from two directions of detection technology and new construction scheme. On the basis of the existing storage type and time series implicit channel construction, we propose a multi-dimensional eigenvector detection algorithm based on protocol behavior for the storage type hidden channel based on TCP/IP, and design a sequential hidden channel integrated detection algorithm based on time series fingerprint. Then a practical network protocol hidden channel detection framework is designed. In the construction research, in view of the status of the storage and sequential hidden channel construction, we design a new application layer hidden channel based on the browser HTTP behavior. The main research contents and contributions of this paper are as follows: 1. In the present situation, we study the hidden channel detection technology based on TCP/IP. Since most of the existing hidden channel detection algorithms are target detection, only a stored hidden channel can be detected, and a comprehensive and comprehensive detection algorithm is lacking. Moreover, the existing algorithm only starts with the law of the carrier field value, neglects every one. A header field has its inherent behavioral characteristics. By expressing the behavior characteristics of the TCP/IP head fields with the regularity or correlation of the value of the adjacent packet field, we design a multi-dimensional eigenvector detection algorithm based on the protocol behavior, which can effectively detect the stored hidden channel based on the TCP/IP head. The SVM classification model of the algorithm is trained by the behavior characteristic vector of the legal channel and the hidden channel, and is optimized by the test feedback. The experimental results show that the algorithm has good detection effect on the stored hidden channel based on the TCP/IP head field..2. existing time series hidden channel detection algorithms are targeted to special time. Each detection algorithm has its own applicability and limitation. In order to solve this problem, we design a sequential hidden channel integrated detection algorithm based on time series fingerprint. The algorithm uses four existing recognized detection algorithms (KS detection algorithm, epsilon similarity detection algorithm, Entropy detection algorithm, CCE detection algorithm). These algorithms are combined to extract fingerprint features from different angles and select four typical sequential hidden channels, IPCTC, LtoN, TRCTC and MBCTC as the fingerprint features of the time series hidden channel. The algorithm trains the generated SVM classification model and can identify the sequential hidden channel based on TCP/IP. Test experiments and blind detection of two groups are verified. The results show that the detection algorithm can effectively detect the sequential hidden channel based on TCP/IP, and to a certain extent, we can detect the practicality of the blind detection.3. for the storage and sequential hidden channel detection to a certain extent. We design a network protocol hidden channel detection. Since the detection algorithms of hidden channels are associated with specific hidden algorithms, the existing detection algorithms can only detect one or more specific hidden channels. Therefore, based on the detection algorithms in the previous two chapters, we propose a practical framework for detection of hidden channels for network protocols, and give the function design of each module. Analysis, the detection system based on this framework is efficient, comprehensive, extensible and learning. Through these properties, the system can realize the research on the blind detection of TCP/IP based storage and time series hidden channels for network protocol implicit channel construction. We studied the design of a new application layer hidden channel based on HTTP. Through the web site access experiment, we found the HTTP behavior of the browser: when a web page is opened, the distribution of the HTTP request message and the HTTP data flow is dynamically changed. With the browser's HTTP behavior as the carrier, we propose a LiHB hidden channel based on the HTTP behavior, and the Cain channel uses the HTTP request flow distribution. The combination of mathematical properties encodes embedded secret information and does not modify the content or format of the HTTP message. It has good concealment and reliability. Moreover, LiHB can pass through the Web proxy server to disclose the information in the LAN. In view of the shortcomings of the LiHB, we designed a more hidden and efficient HBCC hidden channel. It is used with the legal channel. The independent and identically distributed interval sequence is used to simulate the normal HTTP request distribution, and the frequent access items of the web page are used to imitate the normal user's browsing mode. The experimental results show that LiHB and HBCC have good reliability, and the channel capacity and anti detectability of HBCC are better than those of LiHB hidden channels.
【學(xué)位授予單位】：中國科學(xué)技術(shù)大學(xué)
【學(xué)位級(jí)別】：博士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP393.04

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 李元忠;航天電子設(shè)備信道綜合利用概述[J];電訊技術(shù);1983年06期

2 張軍，，潘磊，方新，張其善;甚高頻空地?cái)?shù)據(jù)鏈信道訪問模型及性能分析[J];航空學(xué)報(bào);1999年04期

3 劉達(dá)明;汪一鳴;葉丹;;認(rèn)知用戶信道隨機(jī)選擇和最優(yōu)選擇策略的性能比較[J];蘇州大學(xué)學(xué)報(bào)(工科版);2009年03期

4 馮慧江;;分組數(shù)據(jù)通過衛(wèi)星信道傳輸若干問題的分析[J];無線電通信技術(shù);1991年02期

5 耿翠英,關(guān)哲剛,張華鋒;數(shù)據(jù)信號(hào)在通信信道傳輸中附加干擾的抑制[J];齊齊哈爾大學(xué)學(xué)報(bào);2000年03期

6 曾昆;彭啟航;唐友喜;;報(bào)告信道傳輸錯(cuò)誤環(huán)境下協(xié)作感知最優(yōu)用戶數(shù)分析[J];信號(hào)處理;2011年03期

7 魯偉;孫建鋒;潘衛(wèi)清;曲偉娟;朱勇健;陽慶國;劉立人;;空潛信道中基于多光束陣列的二維圖案?jìng)鬏擺J];中國激光;2006年07期

8 盧志忠,孫紅敏,李玉清;低壓電力線載波通信信道傳輸特性分析[J];黑龍江電力;2002年06期

9 苗長云,梁全市,薛鵬騫,楊維;市話信道測(cè)試研究[J];阜新礦業(yè)學(xué)院學(xué)報(bào)(自然科學(xué)版);1993年03期

10 Avaya Inc.;綜合布線系統(tǒng)信道富余量對(duì)網(wǎng)絡(luò)傳輸性能的影響[J];電信工程技術(shù)與標(biāo)準(zhǔn)化;2001年02期

相關(guān)會(huì)議論文 前1條

1 魏芳;;淺議IEEE802.11e中的TXOP[A];四川省通信學(xué)會(huì)2009年學(xué)術(shù)年會(huì)論文集[C];2009年

相關(guān)重要報(bào)紙文章 前6條

1 ;信道富余量對(duì)網(wǎng)絡(luò)傳輸性能的影響[N];網(wǎng)絡(luò)世界;2001年

2 譚立華;上網(wǎng)永遠(yuǎn)免費(fèi)在線[N];中國計(jì)算機(jī)報(bào);2001年

3 ;上海貝爾AO/DI解決方案及優(yōu)勢(shì)[N];人民郵電;2001年

4 陳飛雪;802.11n標(biāo)準(zhǔn)引爆無線革命[N];中國計(jì)算機(jī)報(bào);2007年

5 蘇成富;數(shù)據(jù)壓縮技術(shù)簡介⑤[N];北京電子報(bào);2001年

6 ;WiMAX標(biāo)準(zhǔn)的特點(diǎn)[N];人民郵電;2005年

相關(guān)博士學(xué)位論文 前10條

1 吳翔宇;同時(shí)同頻全雙工自干擾信道測(cè)量與特征分析[D];電子科技大學(xué);2015年

2 周濤;高速鐵路無線信道傳播特性、建模與測(cè)量方法研究[D];北京交通大學(xué);2016年

3 張明科;基于納米工藝的高速自適應(yīng)均衡技術(shù)的研究與實(shí)現(xiàn)[D];東南大學(xué);2015年

4 李彩華;現(xiàn)代化GNSS信號(hào)收發(fā)信道關(guān)鍵技術(shù)研究[D];國防科學(xué)技術(shù)大學(xué);2015年

5 沈瑤;網(wǎng)絡(luò)協(xié)議隱信道檢測(cè)與新型構(gòu)建方案研究[D];中國科學(xué)技術(shù)大學(xué);2017年

6 何修富;OFDM信道盲估計(jì)方法研究[D];西安電子科技大學(xué);2009年

7 張明;寬帶多天線無線傳播信道的特性、測(cè)量和建模研究[D];北京郵電大學(xué);2008年

8 畢見鑫;子波理論在信道傳輸中的應(yīng)用研究[D];西安電子科技大學(xué);2001年

9 郭晶;隨機(jī)信道下無線通信的安全機(jī)制分析與設(shè)計(jì)[D];清華大學(xué);2011年

10 劉郁林;無線通信中對(duì)時(shí)變色散信道的盲均衡與盲辯識(shí)方法研究[D];電子科技大學(xué);2002年

相關(guān)碩士學(xué)位論文 前10條

1 張平娟;無線信道中的密鑰進(jìn)化與加密[D];西安電子科技大學(xué);2014年

2 陳曉峰;信道模擬器關(guān)鍵技術(shù)研究與實(shí)現(xiàn)[D];西安電子科技大學(xué);2014年

3 趙雪麗;散射信道測(cè)量方案的研究[D];西安電子科技大學(xué);2014年

4 杜娟;CO-OFDM系統(tǒng)中I/Q不平衡和信道估計(jì)補(bǔ)償算法的研究[D];上海交通大學(xué);2015年

5 肖晶成;虛擬Massive MIMO信道測(cè)量系統(tǒng)的研制及大尺度衰落分析[D];北京交通大學(xué);2016年

6 朱進(jìn);短距毫米波無線信道測(cè)量與建模技術(shù)研究[D];東南大學(xué);2015年

7 黃雷;短距離無線信道測(cè)量及其傳播性能分析[D];南京信息工程大學(xué);2016年

8 任和;平行信道的可靠通信研究[D];電子科技大學(xué);2016年

9 楊亞軍;基于壓縮感知的多載波系統(tǒng)信道估計(jì)研究[D];南京郵電大學(xué);2016年

10 吳慧君;超級(jí)信道光網(wǎng)絡(luò)中先進(jìn)調(diào)制方式光信號(hào)性能監(jiān)控研究[D];南京郵電大學(xué);2016年

本文編號(hào)：2169312