Computer Science (计算机科学), 2015, Vol. 42, Issue (7): 216-221. doi: 10.11896/j.issn.1002-137X.2015.07.047
DONG Li-peng, CHEN Xing-yuan, YANG Ying-jie, SHI Wang (董丽鹏, 陈性元, 杨英杰, 石旺)
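Abstract: Network covert channels use normal network protocols to carry hidden information, and can serve as a carrier that lets malicious communications such as Trojans and spyware evade security detection. To address the problems that existing covert channels are numerous, have complicated features, and are inconvenient to detect, this paper analyzes their communication model and application modes and, on that basis, proposes a classification method based on implementation mechanism. Starting from the fundamental characteristics of protocols and fields, it studies the anomalous features of covert channels, analyzes existing detection methods and their shortcomings, and gives directions for further research.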