The Detect Research Of Advanced Persistent Threat Covert Channel

Posted on: 2017-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: Q W Wu
GTID: 2428330590968335
Subject: Electronic and communication engineering
Abstract/Summary:
In recent years, Advanced Persistent Threat (APT) cases such as Aurora and Stuxnet, along with other typical APT attacks, have come into view. Because of the serious harm they cause, APTs have attracted great attention. This paper first describes the features of APTs and typical attack cases. It then analyzes the typical attack cases of recent years, trying to identify the high-threat parts of the attack process and so determine the detection target. The study finds the two most threatening factors in the APT process to be the C&C channel and the private-data transmission channel. This paper proposes a novel VPN based on the covert channel and describes the significance of the damage and the meaning of its detection. Because VPN has been considered a relatively secure remote access technology, few appropriate detection techniques exist. The paper first studies and analyzes the PPTP, IPSec and OpenVPN protocols. The detection models do not use the traditional feature detection method; instead they combine multi-feature, multi-phase detection, which greatly improves detection accuracy and reduces the false alarm rate. The detection system is implemented in a Linux environment on top of the Libpcap library. Detection is divided into two parts, control and data, in order to achieve multi-phase detection. After implementation, the rate of accuracy and the rate of correction are each measured to verify the correctness and accuracy of the testing system. The paper analyzes the characteristics of the two different stages, the control channel and the data channel, and tries to select more than two detection characteristics as the detection vector. For information security research in an APT environment, the VPN covert channel detection system is of considerable significance.
Keywords/Search Tags: APT Attack, Covert channel, VPN detection, Libpcap, Information security