Research and Implementation of a Network Covert Channel Detection System
Published: 2018-08-14 17:00
[Abstract]: As network technology continues to develop, data leakage over networks is becoming increasingly serious, and the firewalls and intrusion detection systems widely deployed in networks can no longer meet the needs of network security protection. In recent years in particular, security threats based on covert channels have been growing, so research on a covert channel detection system for protecting internal data has a certain guiding significance. The thesis first introduces the mechanisms of covert channels and analyzes the related detection techniques, finding that current covert channel detection research must assume the channel is already known and can generally detect only a single channel. In a real deployment, however, blind detection of multiple different types of channel is a basic requirement of a detection system. Starting from the system design requirements, the thesis, under the channel detection requirements, analyzes the principles and channel characteristics of existing classic covert channels and classifies them from the perspective of detection method into three channel types: pattern-based covert channels (PCC), knowledge-based covert channels (KCC) and statistics-based covert channels (SCC). This classification provides the basis for designing the system's detection strategy, while the environment requirements and management requirements place requirements on the system configuration design. The thesis then designs and builds a network covert channel detection system whose detection module contains three detectors, PCC, KCC and SCC, each targeting a different type of covert channel: the PCC detector identifies channels by matching channel-feature rules, the KCC detector identifies channels using knowledge of the local network environment, and the SCC detection process uses a density-based clustering detection algorithm. The three detectors work independently while remaining coordinated and complementary. The implementation of each module is described in detail. A simulated test environment was built, and different network scenarios were set up to test and verify the usability of the detector functions and the effectiveness of the detection strategy. The results show that the system achieves blind detection of covert channels in the network, is functionally comprehensive, detects channels well, and has good generality and extensibility.
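[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08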
Article number: 2183521
Article link: http://sikaile.net/guanlilunwen/ydhl/2183521.html