Research On Convert Channel Communication Detection Technology Based On Web Service Protocol

In recent years,along with the ubiquitous application of Internet communication technology,the application of Web Service is more and more important in software.At the same time,the parallel network communication security environment is more and more complicated,various network communication security threats appear successively.Among them,APT Covert channel under the new network attack is one of the means.In the face of complex concealed channel generation mode,it is very important to detect covert channel under Web Service protocol.At present,many covert channel detection technologies based on protocol appear one after another,but the detection methods of these detection methods are too simple and can only detect the covert channel of a specific field,and the detection accuracy has obvious deficiencies.Based on this,under the Web Service protocol Covert Channel Communication Detection Technology Research.Based on the key technologies and theories of covert channel multi-dimension identification and detection model under Web Service protocol,this dissertation carries out the research on covert channel theory(network layer,transport layer and application layer)under TCP / IP level model protocol Research and application of streaming data RTP / RTCP protocol,for example,to study the covert channel generation mechanism.In-depth analysis of the characteristics of covert channels under the Web Service protocol and covert channel analysis with the representative SOAP protocol under the Web Service protocol.The core technology of this thesis is as follows:(1)This thesis constructs the theoretical framework of hidden channel communication detection in hidden multi-field hidden space,and designs an overall solution for hidden channel detection in Web Service.The framework extracts the key domain fields under the Web Service protocol and preprocesses the extracted key domain fields,and conducts covert channel analysis on the basis of the basic decision device D1 and the basic decision device D2,finally,the fusion decision module Realize the final judgment of the covert channel existence under the Web Service protocol.(2)This article constructs the correlation detection algorithm,and proposes the difference distance detection algorithm,at the same time to achieve the fusion decision.The correlation detection algorithm is the core idea of the basic judger D1.Through the correlation calculation between the data of the normal communication message and the data of the covert channel message,the initial decision of the covert channel under the Web Service protocol is realized.The result of the correlation decision is taken as the difference Value of the distance detection algorithm(basic decision maker D2 core)input,at the same time into the fusion decision mechanism to achieve the covert channel communication under the Web Service protocol to make the final determination.Through the simulation analysis of the experimental data,the detection model can accurately judge the presence of covert channel under the Web Service protocol,improve the detection of covert channel at the application layer and lack of detection accuracy,and at the same time make up for the blank of covert channel detection technology under the Web Service protocol.