【摘要】：隨著網(wǎng)絡(luò)技術(shù)的不斷發(fā)展,網(wǎng)絡(luò)中的數(shù)據(jù)泄漏現(xiàn)象也日益嚴(yán)重,在網(wǎng)絡(luò)中大量成功部署的防火墻和入侵檢測(cè)系統(tǒng),已難以滿(mǎn)足網(wǎng)絡(luò)安全防護(hù)的需求。特別是近年來(lái),基于隱蔽信道的安全威脅越來(lái)越多,因此,對(duì)內(nèi)部數(shù)據(jù)保護(hù)的隱蔽信道檢測(cè)系統(tǒng)研究,具有一定的指導(dǎo)意義。論文中首先對(duì)隱蔽信道的相關(guān)機(jī)制展開(kāi)介紹,并對(duì)其相關(guān)檢測(cè)技術(shù)進(jìn)行分析研究,發(fā)現(xiàn)當(dāng)前針對(duì)隱蔽信道檢測(cè)研究中必須在已知信道的前提下進(jìn)行,而且一般只能實(shí)現(xiàn)單一信道的檢測(cè)。而在實(shí)際的環(huán)境部署中,實(shí)現(xiàn)對(duì)多種不同類(lèi)型信道的盲檢測(cè)是對(duì)檢測(cè)系統(tǒng)的基本要求。論文首先從系統(tǒng)設(shè)計(jì)需求出發(fā),信道檢測(cè)需求中對(duì)已有的經(jīng)典隱蔽信道原理及其信道特征進(jìn)行分析,從信道檢測(cè)方法的角度對(duì)其進(jìn)行分類(lèi),給出了基于模式的隱蔽信道(PCC)、基于知識(shí)的隱蔽信道(KCC)和基于統(tǒng)計(jì)的隱蔽信道(SCC)三種信道類(lèi)型,為系統(tǒng)設(shè)計(jì)中的檢測(cè)策略設(shè)計(jì)提供基礎(chǔ),而環(huán)境需求和管理需求則對(duì)系統(tǒng)配置設(shè)計(jì)提出要求。接著設(shè)計(jì)構(gòu)建了網(wǎng)絡(luò)隱蔽信道檢測(cè)系統(tǒng),其中檢測(cè)模塊包含PCC、KCC和SCC三個(gè)檢測(cè)器,分別針對(duì)不同類(lèi)型的隱蔽信道進(jìn)行檢測(cè),其中PCC檢測(cè)器通過(guò)信道特征規(guī)則匹配識(shí)別信道,KCC利用局域網(wǎng)絡(luò)環(huán)境知識(shí)識(shí)別信道,而在SCC的檢測(cè)過(guò)程中,使用了密度聚類(lèi)檢測(cè)算法,三個(gè)檢測(cè)器的檢測(cè)過(guò)程在實(shí)現(xiàn)獨(dú)立工作的同時(shí),保證了協(xié)調(diào)互補(bǔ)。系統(tǒng)對(duì)各個(gè)模塊的具體實(shí)現(xiàn)展開(kāi)詳細(xì)說(shuō)明。論文搭建了模擬測(cè)試環(huán)境,設(shè)置了不同的網(wǎng)絡(luò)場(chǎng)景對(duì)系統(tǒng)的檢測(cè)器功能的可用性及檢測(cè)策略的有效性進(jìn)行測(cè)試驗(yàn)證,結(jié)果表明,系統(tǒng)實(shí)現(xiàn)了對(duì)網(wǎng)絡(luò)中隱蔽信道的盲檢測(cè),功能全面、信道檢測(cè)效果好,具有很好的通用性和可拓展性。
[Abstract]:With the development of network technology, the phenomenon of data leakage in the network is becoming more and more serious. The firewall and intrusion detection system which are successfully deployed in the network have been unable to meet the requirements of network security protection. Especially in recent years, there are more and more security threats based on covert channel. Therefore, the research of covert channel detection system based on internal data protection has certain guiding significance. In this paper, we first introduce the related mechanism of covert channel, and analyze the related detection technology. It is found that the current research on covert channel detection must be carried out under the premise of known channel. And generally can only achieve a single channel detection. In the actual environment deployment, blind detection of different kinds of channels is the basic requirement of detection system. Firstly, from the system design requirements, the classical hidden channel principle and channel characteristics are analyzed and classified from the point of view of channel detection methods. Three types of covert channel (KCC) based on knowledge and covert channel (SCC) based on statistics are presented in this paper, which provide the basis for the design of detection strategy in system design. Environmental requirements and management requirements are required for system configuration design. Then, a network covert channel detection system is designed and constructed, in which the detection module consists of three detectors, PCCC KCC and SCC, which are used to detect different types of covert channels, respectively. The PCC detector uses the knowledge of local network environment to identify the channel by matching the channel characteristic rules, while the density clustering algorithm is used in the detection of SCC. The detection process of the three detectors can work independently and ensure the coordination and complementarity. The system describes the implementation of each module in detail. In this paper, a simulated test environment is built, and different network scenarios are set up to test the availability of the detector function and the effectiveness of the detection strategy. The results show that the system realizes blind detection of the hidden channels in the network. The function is comprehensive, the channel detection effect is good, has the very good universality and the expansibility.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.08

【相似文獻(xiàn)】

相關(guān)期刊論文 前10條

1 王永吉;吳敬征;曾海濤;丁麗萍;廖曉鋒;;隱蔽信道研究[J];軟件學(xué)報(bào);2010年09期

2 張樹(shù)勇;萬(wàn)厚沖;;基于模型的時(shí)間隱蔽信道的一種算法[J];科技風(fēng);2010年05期

3 汪婧;高能;林t燂，

本文編號(hào)：2183521