网络时间隐蔽通道的拟合模型特性研究

doi:10.11896/j.issn.1002-137X.2017.01.028

摘要/Abstract

摘要： 随着计算机网络的飞速发展,网络安全越来越受到人们的关注。在众多的攻击手段中,网络隐蔽通道已成为威胁计算机安全的重要来源之一。由于其隐蔽性较高、不易被发现和传输速率高等特点,网络时间隐蔽通道已成为该领域的研究热点之一。针对网络时间隐蔽通道的传输过程,构建了一种模型,并详细阐述了该模型中运用扩展码对隐蔽信息进行编码和调制的过程。在此基础上,分析了该模型下编码符号的概率分布状况,并与正常信道中的泊松分布拟合函数做了比较全面的对比。针对隐蔽通道的特性——隐蔽性和数据传输速率,首次分析了模型中的参数对其隐蔽性和传输速率的影响,并得到了二者之间的变化关系,这对今后网络时间隐蔽通道的构建工作具有一定的指导意义。

关键词: 隐蔽通道,隐蔽性,数据传输速率,模型,编码

Abstract: With the rapid development of computer network,the security of computer network has caused more and more peoples’ attention.Among lots of methods of network attack,network covert channels have become one of the main threats to the security of computers.Because of its undetectable nature and high data transmission rate,covert ti-ming channel has become one of current research hot spots in the field of information security.This paper constructed a model for the transmission process of network covert timing channel.The model describes how to encode and modulate covert messages using spreading code.On the basis,we analyzed the probability distribution of the constructed model,then made a more comprehensive contrast with the Poisson distribution which is used to fit the legitimate channel.Aiming at analyzing the concealment and data transmission rate of covert channels,we first analyzed the parameters which impact the above properties of covert timing channels,and also discussed the relationship between these properties,which has certain significance for the future work of network covert timing channels.

Key words: Covert channel,Concealment,Data transfer rate,Model,Coding

杨鹏,赵辉,鲍忠贵. 网络时间隐蔽通道的拟合模型特性研究[J]. 计算机科学, 2017, 44(1): 145-148. https://doi.org/10.11896/j.issn.1002-137X.2017.01.028

YANG Peng, ZHAO Hui and BAO Zhong-gui. Analysis on Fitting Model of Network Covert Timing Channel[J]. Computer Science, 2017, 44(1): 145-148. https://doi.org/10.11896/j.issn.1002-137X.2017.01.028

参考文献

[1] LAMPSON B W.A note on the confinement problem[J].Communications of the ACM,1973,16(10):613-615 .
[2] ZANDER S,ARMITAGE G,BRANCH P.A survey of covert channels and counter measures in computer network protocols[J].Communication Surveys & Tutorials,2007,9(3):44-57.
[3] QIAN Yu-wen,ZHAO Bang-xin,KONG Jian-shou,et al.Robust Covert Timing Channel Based on Web[J].Journal of Computer Research and Development,2011,8(3):423-431.(in Chinese) 钱玉文,赵邦信,孔建寿,等.一种基于 Web 的可靠网络隐蔽时间信道的研究[J].计算机研究与发展,2011,48(3):423-431.
[4] PADLIPSKY M A,SNOW D W,KARGER P A.Limitations of end-to-end encryption in secure computer networks[R].Mitre Corp Bedford Ma,1978.
[5] GIRLING C G.Covert Channels in LAN’s[J].IEEE Transactions on Software Engineering,1987(2):292-296.
[6] SHAN G,MOLINA A,BLAZE M.Keyboards and Covert Channels[C]∥USENIX Security.2006.
[7] CABUK S,BRODLEY C E,SHIELDS C.IP covert timing channels:design and detection[C]∥ Proceedings of the 11th ACM Conference on Computer and Communications Security.ACM,2004:178-187.
[8] REZAEI F,HEMPEL M,SHRESTHA P L,et al.Achieving robustness and capacity gains in covert timing channels[C]∥2014 IEEE International Conference on Communications (ICC).IEEE,2014:969-974.
[9] BERK V,GIANI A,CYBENKO G,et al.Detection of covertchannel encoding in network packet delays[R].Department of Computer Science,Dartmouth College,2005.
[10] GIANVECCHIO S,WANG H.Detecting covert timing chan-nels:an entropy-based approach[C]∥ Proceedings of the 14th ACM Conference on Computer and Communications Security.ACM,2007:307-316.
[11] SHRESTHA P,HEMPEL M,REZAEI F,et al.A Support Vector Machine-based Framework for Detection of Covert Timing Channels[J].IEEE Transactions on Dependable and Secure Computing,2016,3(2):274-283
[12] DARWISH O,AL-FUQAHA A,ANAN M,et al.The role ofhierarchical entropy analysis in the detection and time-scale determination of covert timing channels[C]∥ 2015 International Conference on Wireless Communications and Mobile Computing (IWCMC).IEEE,2015:153-159.
[13] LIU Y,GHOSAL D,ARMKNECHT F,et al.Hide and seek in time－robust covert timing channels[M]∥Computer Security-ESORICS 2009.Springer Berlin Heidelberg,2009:120-135.
[14] HOUMANSADR A,BORISOV N.CoCo:coding-based coverttiming channels for network flows[M]∥ Information Hiding.Springer Berlin Heidelberg,2011:314-328.
[15] LIU Y,GHOSAL D,ARMKNECHT F,et al.Robust and undetectable steganographic timing channels for iid traffic[M]∥Information Hiding.Springer Berlin Heidelberg,2010:193-207.
[16] GIANVECCHIO S,WANG H,WIJESEKERA D,et al.Model-based covert timing channels:Automated modeling and evasion[M]∥Recent Advances in Intrusion Detection.Springer Berlin Heidelberg,2008:211-230.
[17] PAXSON V,FLOYD S.Wide area traffic:the failure of Poisson modeling[J].IEEE/ACM Transaction on Networking (ToN),1995,3(3):226-244.
[18] RICHARDSON A M.Nonparametric Statistics:A Step-by-Step Approach[J].International Statistical Review,2015,83(1):163-164.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed