HTTP Parameter Sorting Covert Channel Detection Method Based on Markov Model  Cited by: 6


Authors: 沈国良 (SHEN Guoliang); 翟江涛 (ZHAI Jiangtao)[1]; 戴跃伟 (DAI Yuewei)

Affiliations: [1] School of Electronics and Information, Jiangsu University of Science and Technology, Zhenjiang, Jiangsu 212003, China; [2] School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210000, China

Source: Computer Engineering (《计算机工程》), 2020, No. 2, pp. 154-158, 169 (6 pages)

Funding: National Natural Science Foundation of China (61702235, 61472188, 61602247, U1636117); Natural Science Foundation of Jiangsu Province (BK20150472, BK20160840)

Abstract: A network covert channel is a communication channel that carries secret messages between hosts on a network by using reserved, optional or undefined fields in network protocols. HTTP, as one of the most commonly used protocols on the World Wide Web, is a good carrier for network covert channels. To detect HTTP-based covert channels effectively, this paper proposes a covert channel detection method based on a Markov model. Taking Host, Connection, Accept and User-Agent as keywords, the method builds a Markov model of the data packets and calculates its state transition probability matrix. The relative entropy between the probability matrix of the packets under test and that of normal packets is then used to decide whether covert channel communication is present. Experimental results show that when the abnormal data in the covert channel exceeds 70%, the detection rate of this method can reach more than 97%.
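A sketch of the detection idea in the abstract, added here as an example and not taken from the paper: it builds the keyword transition matrix for a traffic window and scores it against a baseline with relative entropy. The additive smoothing, the per-row summation of the divergence, the threshold of 1.0 and all sample requests are assumptions constructed for illustration.

```python
import math
from collections import Counter
from itertools import permutations

KEYS = ["Host", "Connection", "Accept", "User-Agent"]  # keywords named in the abstract

def key_order(raw_request):
    """Order in which the four keyword headers appear in one raw HTTP request."""
    order = []
    for line in raw_request.split("\r\n")[1:]:   # skip the request line
        if not line:                             # blank line ends the header block
            break
        name = line.split(":", 1)[0].strip().lower()
        for key in KEYS:
            if name == key.lower() and key not in order:
                order.append(key)
    return order

def transition_matrix(requests, alpha=1.0):
    """First-order Markov transition probabilities between keywords.
    alpha is additive smoothing (an assumption) so no probability is zero."""
    counts = Counter()
    for request in requests:
        seq = key_order(request)
        counts.update(zip(seq, seq[1:]))
    matrix = {}
    for a in KEYS:
        total = sum(counts[(a, b)] for b in KEYS) + alpha * len(KEYS)
        matrix[a] = {b: (counts[(a, b)] + alpha) / total for b in KEYS}
    return matrix

def relative_entropy(p, q):
    """Sum of per-row KL divergences D(p || q) in bits (assumed aggregation)."""
    return sum(p[a][b] * math.log2(p[a][b] / q[a][b]) for a in KEYS for b in KEYS)

def is_suspicious(window, baseline, threshold=1.0):
    """threshold is a constructed value; tune it on real traffic."""
    return relative_entropy(transition_matrix(window), baseline) > threshold

def make_request(order):
    """Build a constructed sample request with headers in the given order."""
    return "GET / HTTP/1.1\r\n" + "".join(f"{k}: x\r\n" for k in order) + "\r\n"

# Constructed samples: normal clients keep one order; the test window varies it.
BASELINE = transition_matrix([make_request(KEYS)] * 50)
CLEAN_WINDOW = [make_request(KEYS)] * 20
VARIED_WINDOW = [make_request(p) for p in permutations(KEYS)]
```

On real traffic the baseline would be built per client family, since different browsers and libraries emit these headers in different but stable orders.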

Keywords: HTTP protocol; covert channel detection; Markov model; relative entropy; detection rate

Classification: TP393 [Automation and Computer Technology: Computer Application Technology]

 
