The Research On Network Covert Timing Channels Detection Based On Perceptual Hash

The research of network covert timing channels(CTC)is an important branch in the field of network security.It is a covert channel in the network system.Because of it uses the security rules of network system to encode and transmit covert information,it is difficult for traditional network security mechanisms such as firewalls and intrusion detection systems to identify this type of covert channel.The existing detection methods have certain limitations,such as: some methods can only detect a specific CTC,and they are not universal in the detection object.Some methods can detect multiple type of CTC,but they have a low positive detection rate when the number of detection samples is small and are less robust when it is affected by network interference.Aiming at the shortcomings of the existing detection methods,we combined with the research on the characteristics of CTC,this paper proposes a CTC detection method based on perceptual hash.The research content of this paper aims to improve the robustness of the detection method and solve the problem of low positive detection rate when the sample size is small.First,a CTC detection method based on perceptual hash analysis of time-frequency domain.This method analyzes the characteristics of the time-series of network traffic in the time and frequency domains,and extracts the perceptual characteristics of CTC in the time and frequency domains.The perceptual hash function is used to generate the perceptual hash sequences and a perceptual hash matching algorithm is used to distinguish the perceptual hash sequences of network traffic.This method not only has good robustness,but also improves the discrimination of network traffic.Second,a CTC detection method based on perceptual hash analysis of spectral domain.This method analyzes the shortcomings of the previous detection method,in-depth studies of the network traffic on the frequency spectrum and detailed changes in characteristics,optimizes the distance calculation method of the perceptual feature extraction method and perceptual hash sequence,and matches by the perceptual hash algorithm completes the discrimination of the perceptual hashsequence of network traffic.Therefore,compared with the previous detection method,this detection method has better robustness,abstractness and shorter execution time.Third,a CTC detection method based on hidden Markov and perceptual hashing.This method studies the differentiation characteristics of network traffic in the time domain.By transforming the differentiation characteristics into calculations of hidden states in the hidden Markov model,it combines the hidden Markov model to extract new perceptual features.This method redesigns the perceptual hash matching algorithm,and completes the differentiation of network traffic by matching the perceptual hash sequence generated by the corresponding perceptual features.The experimental results prove that the detection method has good discrimination and robustness.This paper introduces the perceptual hash to the detection of CTC.By combining the good robustness,distinguishability,and abstractness of perceptual hash with network traffic recognition,a CTC detection method based on perceptual hash is proposed.Through a series of experiments,this paper verifies the good robustness of the proposed detection method and improves the positive detection rate in the case of fewer samples.