Research And Design Of Network Covert Channel Detection In Cloud Architecture

Posted on: 2022-07-09
Degree: Master
Type: Thesis
Country: China
Candidate: J Yu
GTID: 2518306320955789
Subject: Electronics and Communications Engineering
Abstract/Summary:
In recent years, cloud computing has been widely used in many fields such as government and finance, and its security has become a widespread concern. A network covert channel is a covert communication technique that evades detection by security management policies and secretly transmits confidential information. As cloud computing is an extension of the Internet, network covert channels also threaten it. At present, there is a lack of adequate network covert channel research and security defense tools for the unique topology and communication mechanisms of cloud computing. To maintain the security of cloud data, research on cloud network covert channels is of great significance. This thesis focuses on methods for detecting network covert channels in a cloud architecture, and mainly covers the following four aspects.

Firstly, from the perspective of the attack-and-defense game between construction and detection, this thesis analyzes the future development trend of network covert channels. Given that, in current research, the detection objects of cloud networks do not include network covert channels, it proposes a multi-scale fusion detection approach for network covert channels in cloud architecture, aimed at data breaches.

Secondly, this thesis designs a distributed data acquisition scheme based on cloud architecture. According to the topology of the private cloud platform OpenStack, it analyzes in depth the network communication mechanism and key nodes of the cloud platform in terms of east-west traffic and north-south traffic, and proposes a network covert channel communication model under the cloud architecture. Using a distributed network traffic migration method, it obtains and identifies virtual network traffic.

Thirdly, it proposes a weight-based multi-scale fusion decision method for network covert channels. The covert channel detection vector is constructed from multiple detection scales such as static elements, protocol knowledge and communication channel, and the degree of suspicion of a network covert channel is judged in the multiple dimensions of packet, session flow and data flow.

Fourthly, based on the above cloud data acquisition method and multi-scale network covert channel detection method, a prototype system is designed and implemented. The design ideas and implementation methods of modules such as data collection, data preprocessing, covert channel detection, visualization, and data cache are described in detail, and the prototype system is successfully deployed on the private cloud OpenStack.

Finally, this thesis tests the prototype system for availability, detection effectiveness and reliability. The results show that the system can collect cloud data in a distributed manner and effectively detect multiple types of network covert channels, such as those in various protocols and cloud network flows. The average detection accuracy rate reaches 96%, and the average detection omission rate and false alarm rate are both within 5%. The test results have high reliability.
Keywords/Search Tags:Cloud Architecture, Network Covert Channel Detection, Multiscale Fusion, Weighting Method