| TCP/IP protocol becomes the cornerstone of modern communication network,and it makes people communicate with each other easily,Because of its own shortcomings,it provides steganography based on network protocol with the possibility.In order to supervise use of the steganography effectively,it is necessary to study their detection technology.This dissertation studies the detection technology of network protocol s steganography, the major achievements are:1)Collate and summarize the current steganalysis based on network protocol.2)Proposes a rule-based detection method,which can attack the current steganalysis based on IP,TCP,ICMP packet header.The detection algorithm is based on the experimental network data packets observation,and in summing up the distribution of the network packets, we build detection rules to detect network data packets.Experiments show that the detection algorithm performances very well in the detection of information hidden in packets header.3)A detection algorithm of covert channel is introduced based on the command sequence of application layer protocol for FTP,SMTP,POP3 and HTTP order parameters of the sort.The algorithm uses a Markov process,making use of a large number of normal data transfer training probability matrix to construct the normal data behaviour profile,and it raises the efficiency of detection by the choice of detection window or setting a certain threshold.4)A detection algorithm of covert channel is introduced based on the keyboard input of telnet.The algorithm uses one-class support vector machine,making use of time interval between adjacent packets to construct a vector.It sets a training aggregate of data by collecting normal data of users,then gets a training model to be used for detection.5)Introduce the process of steganalysis software.Review the use of detection algorithms,and discuss the principle of steganalysis based on network protocol in the general sense. |
PDF Full Text Request