计算机工程与应用 ›› 2021, Vol. 57 ›› Issue (17): 122-129.DOI: 10.3778/j.issn.1002-8331.2005-0214

• 网络、通信与安全 • 上一篇    下一篇

自适应伪随机序列混合网络隐蔽通道构建方法

戴睿,嵩天   

  1. 北京理工大学 计算机学院,北京 100081
  • 出版日期:2021-09-01 发布日期:2021-08-30

Self-Adaptive Pseudo-Random Sequence Hybrid Network Covert Channel Construction Method

DAI Rui, SONG Tian   

  1. School of Computer Science and Technology, Beijing Institute of Technology, Beijing 100081, China
  • Online:2021-09-01 Published:2021-08-30

摘要:

现有网络隐蔽通道研究主要集中于存储型、时间型和序列型等单一模式,单一网络隐蔽通道对网络流量影响较大,隐蔽性差,综合使用多种模式构建混合型隐蔽通道方法鲜见,且混合使用方法无法根据网络流量动态调整。提出了一种新的混合使用多种隐蔽通道的方法,建立可以根据当前网络流量特征自适应变化的隐蔽通道构建框架,通过网络流量在不同隐蔽通道下的隐蔽性强弱生成具有一定分布的伪随机序列,使用该伪随机序列在不同的模式中写入隐蔽信息,使得隐蔽信息在信息传输的过程中在多种通道中随机存在,在传输隐蔽信息的同时降低对原始流量的影响,并使隐蔽通道可以实时根据网络流量动态调整使用模式。真实网络环境中实验结果证明,该类隐蔽通道具有较强的隐蔽性和自适应性,实用价值明显。

关键词: 网络隐蔽通道, 混合, 伪随机序列, 自适应, SVM检测算法

Abstract:

Existing network covert channel research mainly focuses on single modes such as storage, timing and sequential. The simple use of the same method has a greater impact on network traffic, resulting in poor concealment. It is rare to use multiple modes to build a hybrid covert channel. This paper proposes a new construction method of hybrid covert channels, and establishes a covert channel construction framework that can adaptively change according to the current network traffic characteristics. It generates a pseudo-random sequence with a certain distribution through the concealment of real-time network traffic under different modes of covert channels, and writes covert information in different channels according to the pseudo-random sequence. The covert information is randomly present in a variety of modes during the transmission of information, and the change of the original traffic is reduced while the covert information is transmitted, and the usage mode is dynamically adjusted in real time according to the network traffic. Experimental results in a real network environment have proved that this kind of covert channel has strong covertness and adaptability, and its practical value is obvious.

Key words: network covert channel, hybrid, pseudo-random sequence, self-adaptive, SVM detection algorithm