A Detection Model Of FTP Covert Channel Based On CNN

With the continuous acceleration of the informatization process,people's daily lives are inseparable from the Internet.Many things can be accomplished through the Internet.By making special modifications to the network packets,one can hide information in it.Since the purpose of covert channel is to hide the fact of communication rather than simply encrypt the information,system security software can hardly find out such information leakage,making it difficult to detect covert channel.File transfer protocol(FTP)is widely used for transmission in the Internet.In order to keep a long connection to the server,the client sends specific FTP commands.Using these commands to express a specific meaning when combined with other commands can make it easy to implement a covert channel.The Convolutional Neural Network(CNN),which works well in textual sentiment classification,can be trained to get a good model by learning from data by imitating the human brain's way of thinking.Based on this,a CNN-based FTP covert channel detection model is proposed in this paper.The main work of this paper is as follows:This paper starts with the definition of covert channel and explores the cause and general model of it.By analyzing the construction mechanism of covert channel,the drawbacks of the traditional detection algorithm are expounded.After artificially modifying,the sequence of FTP commands can be used to disclose information.This paper encodes FTP commands and train then with CNN.In order to accelerate the convergence of the training process and prevent overfitting,a series of training optimization measures are adopted,and the initial parameter setting can also greatly shorten the training time.In order to take full advantage of the relevance of FTP commands,the convolutional layer of CNN model designed in this paper uses wide convolution,and the first pooling layer use Chunk-Max Pooling and the second use K-Max Pooling ?In order to verify the feasibility of this algorithm,this paper constructs a covert channel based on FTP directory encoding.Experiments show that the accuracy of the CNN-based model is higher than that of the traditional support vector machine and na?ve bayesian.The precision and reliability from small to large is support vector machine,na?ve Bayesian,CNN based-on Max Pooling Over Time,the model this paper proposed,which fully illustrates the effectiveness of the model proposed in this paper for the detection of FTP directory encoding covert channel.Since many kinds of covert channels can be implemented by manipulating command sequence,the algorithm of this paper is also used to train and detect another two FTP covert channel,the result show that the method can detect FTP covert channel effectively,which fully illustrates the high scalability of our mothod.