The Research Of Network Covert Timing Channel Detection Based On Secret Sharing Principle

With the rapid development of internet communication technology,while the network has brought us convenience,the issues of network information security has also attracted more and more attention.Network covert timing channel transmits covert information by modulating the time characteristics of data packets in a legitimate communication link,so it has a strong concealment and brings serious harm to network information security.Therefore,the detection of network covert timing channels is an important research topic.From the existing researches,most of the current detection methods do not consider the influence of the intentional or unintentional network interference in the network environment on the detection results,and lack the robustness.Therefore,this article introduces the secret sharing principle into network covert timing channel detection.Using the threshold strategy of the secret sharing principle,we only need limited traffic characteristics to reconstruct the original network traffic characteristics,which effectively reduces the network interference convection characteristics influence,and improve the robustness of the detection method.The specific research in this paper is as follows:(1)Network covert timing channel detection method based on interval centroid and secret sharing principle.Specifically,this method uses the interval centroid to describe the local characteristics of the network traffic.At the same time,in order to avoid the loss of local characteristics,we use information entropy as a supplement to the global characteristics of network traffic.Finally,a robust identifier is constructed based on the secret sharing principle.The scheme takes four kinds of classical network covert timing channels as research objects and evaluates the robustness of the method in different network environments.The experimental results show that the proposed method can effectively detect all kinds of network covert timingchannels in different network environments and has higher robustness than the existing methods.(2)Network covert timing channel detection method based on chaos theory and secret sharing principle.Starting from the chaos of network traffic,we reconstruct the phase space of the network traffic time series by calculating the delay time and embedding dimension,and mining the time-space characteristics of network traffic.Than the singular value decomposition(SVD)is used to extract the stable traffic characteristics,and finally the secret sharing principle is used to reconstruct the channel identifier.This method has a more fine-grained analysis of network traffic characteristics.Experimental results show that the method is more robust than the first scheme.(3)Network covert timing channel detection method based on traffic prediction and secret sharing principle.This scheme first uses the exponential smoothing predicting model to predict the traffic,and uses the degree of different between the predicted value and the real value as a local feature of the traffic.Then calculate the Lyapunov exponent of the prediction error time series as the global feature of the traffic,and finally the channel identifier reconstructed by the secret sharing principle is used as the detection index.Experimental results show that the method effectively improves the detection efficiency while ensuring the robustness of the detection algorithm.The main idea of the algorithm proposed in this article is that using the secret sharing principle,we can use only partial traffic characteristics to describe the overall characteristics of network traffic,which can effectively reduce the impact of the loss or destruction of traffic characteristics on the detection results.In addition,we proposed different schemes of stream feature extraction to improve the robustness of the detection algorithm.Experimental results show that the proposed method is more robust against network interference than the existing detection methods.