
Network Analysis And Detection Of Covert Channel Cloak

Posted on: 2014-02-13
Degree: Master
Type: Thesis
Country: China
Candidate: J Shi
Full Text: PDF
GTID: 2248330395983426
Subject: Control theory and control engineering
Abstract/Summary:
With the rapid development of the Internet, network applications have become more and more diverse, and network and information security has drawn much attention from researchers. The network covert channel is a research branch of information hiding: it is a communication method that hides data in the redundant fields of protocols or in the timing information of packets. Network data generated by a covert channel is highly stealthy, which poses tremendous challenges to covert channel detection methods.

In this dissertation, a complete and thorough review of the related theories and technical foundations of network covert channels is made. We focus on Cloak, a kind of network covert channel based on the TCP protocol and enumerative combinatorics, and propose a corresponding detection method.

The contributions of this thesis are as follows:

(1) A brief introduction is given to the concept, model and classification of network covert channels, together with a summary of the development of covert channel construction and detection methods;

(2) An introduction to Cloak is given, including its principle, communication model, and the encoding and decoding methods based on enumerative combinatorics;

(3) A Cloak covert channel software platform is designed and implemented, including the Cloak sender and receiver. To compare Cloak with two traditional covert timing channels, the platform is designed to include IPCTC and Jitterbug. Based on experiments, we analyze the advantages and disadvantages of Cloak and then introduce methods for improving Cloak;

(4) Based on analyses of Cloak's port usage, flow characteristics and packet distribution regularity, we propose and implement a three-level detection method. Experiments show that our detection method is effective.

Finally, the shortcomings of this dissertation are summarized, and future research on the topic is discussed.
Keywords/Search Tags:Cloak covert channel, Enumerative Combinatorics, TCP, packet distribution, covert channel detection