【摘要】：隨著網(wǎng)絡安全問題的日益突出,隱蔽信道作為重要的網(wǎng)絡危害之一,逐漸成為學術研究熱點。根據(jù)隱蔽信息的載體的不同,隱蔽信道分為時間式和存儲式隱蔽信道,另外還有多鏈路式隱蔽信道以及基于包長度的長度式隱蔽信道。本文針對已有的長度式隱蔽信道在統(tǒng)計特征和信道熵中與合法信道的差異問題,提出一種基于隱蔽信息存儲分布的隱蔽信道構(gòu)造方法。首先將不同編碼方式下的隱蔽信息轉(zhuǎn)換為二進制比特流,在該比特流中依次取特定長度的比特串,我們統(tǒng)計比特串的不同取值在比特流中出現(xiàn)的概率,分析這種概率不同的原因以及對傳統(tǒng)長度式隱蔽信道的影響。然后將這一因素考慮到長度式隱蔽信道的構(gòu)建中,設計了新的長度式隱蔽信道構(gòu)造方法。針對信道熵增加的問題,本文設計了一種新型有效的熵調(diào)節(jié)機制,調(diào)節(jié)信道的熵到合法范圍內(nèi)。同時實現(xiàn)了經(jīng)典的參考長度隱蔽信道NTNCC,利用NTNCC和合法信道的數(shù)據(jù)流特征參數(shù),得出檢測信道的統(tǒng)計特征和熵特征的閾值,最后使用統(tǒng)計特征和熵檢測兩種方法檢測了本文設計的隱蔽信道模型的隱蔽性,對比合法信道、NTNCC以及本文設計的隱蔽信道的相關特征的檢測結(jié)果。實驗結(jié)果表明,和傳統(tǒng)參考長度隱蔽信道NTNCC相比,本文設計的長度式隱蔽信道方法,信道的統(tǒng)計特征和熵更接近合法信道,具有更好的隱蔽性。
[Abstract]:With the increasingly prominent network security issues, covert channel, as one of the important network hazards, has gradually become a hot academic research. According to the carrier of covert information, the covert channel can be divided into temporal and storage covert channels, multi-link covert channels and packet-based covert channels. In this paper, a method of constructing covert channels based on the distribution of hidden information storage is proposed to solve the statistical characteristics and the differences between the existing length covert channels and legitimate channels in terms of channel entropy and statistical characteristics. Firstly, the covert information in different coding modes is converted into binary bit stream. In this bit stream, the bit string of specific length is taken in turn, and we calculate the probability of the different values of bit string appearing in the bit stream. The reasons for the different probabilities and the influence on the traditional length covert channels are analyzed. Then this factor is taken into account in the construction of the long covert channel and a new method of constructing the long covert channel is designed. Aiming at the problem of increasing channel entropy, this paper designs a new and effective entropy regulation mechanism, which adjusts the channel entropy to the legal range. At the same time, the classical reference length covert channel NTNCC, uses the NTNCC and the data flow characteristic parameters of the legal channel to obtain the statistical characteristics of the detection channel and the threshold value of the entropy feature. Finally, the concealment of the covert channel model designed in this paper is detected by using statistical features and entropy detection, and the detection results of the legal channel, NTNCC and the covert channel characteristics designed in this paper are compared. The experimental results show that compared with the traditional reference length covert channel (NTNCC), the statistical characteristics and entropy of the proposed method are closer to the legal channel and have better concealment.
【學位授予單位】：南京理工大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TP393.08

【參考文獻】

相關期刊論文 前7條

1 錢玉文;李勇;王執(zhí)銓;;網(wǎng)絡包長度隱蔽信道的建模與仿真[J];系統(tǒng)仿真學報;2010年07期

2 王華翔;;基于IP數(shù)據(jù)包生存期的隱蔽信道[J];網(wǎng)絡安全技術與應用;2010年06期

3 楊智丹;劉克勝;王康;汪松鶴;;基于IP報頭選項的網(wǎng)絡隱蔽通道技術[J];計算機工程;2009年13期

4 姚全珠;張鵬;;基于數(shù)據(jù)包長度的網(wǎng)絡隱蔽通道[J];計算機工程;2008年03期

5 孫星明;黃華軍;王保衛(wèi);孫光;黃俊偉;;一種基于等價標記的網(wǎng)頁信息隱藏算法[J];計算機研究與發(fā)展;2007年05期

6 鄒昕光;;基于FTP協(xié)議的命令序列隱蔽信道[J];哈爾濱工業(yè)大學學報;2007年03期

7 訾小超;姚立紅;李斕;;一種基于有限狀態(tài)機的隱含信息流分析方法[J];計算機學報;2006年08期

，

本文編號：2376174