Research on Covert Channel Construction Method Based on HTTP Protocol Combination  (Cited by: 7)


Authors: CHEN Cheng; LUO Senlin [1]; WU Qian [2]; YANG Peng (Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology, Beijing 100081, China; National Computer Network Emergency Response Technical Team Coordination Center of China, Beijing 100094, China)

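Affiliations: [1] Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology, Beijing 100081; [2] National Computer Network Emergency Response Technical Team Coordination Center of China, Beijing 100094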

Source: Netinfo Security (《信息网络安全》), 2020, Issue 6, pp. 57-64 (8 pages)

Funding: National 242 Information Security Program [2017A149].

Abstract: To address the low concealment of existing storage covert channels and the high bit error rate and low transmission rate of timing covert channels, the article proposes a covert channel construction method based on combining HTTP protocol behaviors. The method sends HTTP requests by simulating a browser application and allocates the requests dynamically among different browsers; the covert information is embedded by means of mathematical combination. The accessed object, the packet time interval and the packet length are also adjusted dynamically to improve the concealment of the channel. At the same time, the channel relies on the reliable transmission provided inside the TCP protocol, so it is not affected by network jitter, which ensures the reliability of the channel. The experimental results show that the method can resist the application-signature-based detection method, the protocol fingerprint detection method and the combined model detection method, and has strong concealment; the balance between concealment strength and channel capacity can be adjusted according to the application scenario.

Keywords: covert channel; mathematical combination coding; HTTP protocol

Classification code: TP309 [Automation and Computer Technology: Computer System Architecture]

 
