一种基于Xgboost的Skype时间式隐信道检测方法  被引量：4

作　　者：常婷婷 翟江涛 戴跃伟 CHANG Tingting;ZHAI Jiangtao;DAI Yuewei(College of Electronics and Information,Jiangsu University of Science and Technology,Zhenjiang,Jiangsu 212003,China;School of Electronic and Information Engineering,Nanjing University of Information Science and Technology,Nanjing 210044,China)

机构地区：[1]江苏科技大学电子信息学院,江苏镇江212003 [2]南京信息工程大学电子与信息工程学院,南京210044

出　　处：《计算机工程》2021年第7期88-94,共7页Computer Engineering

基　　金：国家自然科学基金(61702235,61602247,U1636117)。

摘　　要：时间式隐信道利用数据包的包间时延来传递秘密信息,受网络时间特性复杂性的影响,网络隐信道的检测率低且虚警率较高。提出一种利用Xgboost模型的Skype时间式隐信道检测方法。在传统提取Skype时间序列的Markov转移特性、信息熵、包间时延的均值与方差、DCT系数、ε-相似度等特征的基础上,增加峰态、偏态和标准偏差的差值3种特征,以准确了解包间时延分布并进行筛选排查,同时采用五折交叉验证法结合无重复抽样技术,使每次迭代时每个样本点只有一次被划入训练集或测试集,最终通过Xgboost算法进行判决和检测。实验结果表明,与BP神经网络方法相比,该方法检测率更高且虚警率更低。The covert timing channel exploits the packet delay to transmit secret information.Due to the complexity of the temporal features of network,the false alarm rate of the covert channels is high,masking the detection of the true targets.An Xgboost-based method for detecting covert timing channel of Skype is proposed.On the basis of the existing methods,which extract the Markov transition features,information entropy,mean and variance of the delay between packets,DCT coefficient,andε-similarity of the Skype time series,the proposed method adds another three features,including the peak state,skewness and difference of standard deviation,so as to accurately understand the distribution of delay between packets and to screen the targets.At the same time,the method of five-fold cross verification is combined with the non-repeating sampling technology,so that every sample point is classified into training set or test set for only once in each iteration.Finally,the Xgboost algorithm is used for judgment and detection.Experimental results show that compared with the BP neural network method,the proposed method has higher detection rate and lower false alarm rate.

关 键 词：网络隐信道 时间式隐信道 五折交叉验证 神经网络 Xgboost算法 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]