基于One-class SVM的网络时间隐蔽信道检测方法

doi:10.3969/j.issn.1006-2475.2017.06.021

计算机与现代化

基于One-class SVM的网络时间隐蔽信道检测方法

(南京理工大学计算机科学与工程学院，江苏南京 210094)

收稿日期:2016-11-01 出版日期:2017-06-23 发布日期:2017-06-23
作者简介:刘义(1990-)，男，江苏宿迁人，南京理工大学计算机科学与工程学院硕士研究生，研究方向：计算机网络和安全; 兰少华(1958-)，男，江苏南京人，教授，硕士生导师，博士，研究方向：计算机网络及应用，网络安全，分布式人工智能。
基金资助:
国家自然科学基金资助项目(61170250, 61103201)

Approach for Detecting Covert Timing Channels Based on One-class SVM

(School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China)

Received:2016-11-01 Online:2017-06-23 Published:2017-06-23

摘要/Abstract

摘要： 网络时间隐蔽信道的检测是网络隐蔽信道研究中的热点和难点。当前的网络时间隐蔽信道的检测方法更多是针对某个或者某些特定的网络时间隐蔽信道，不具备通用性。本文利用机器学习中的SVM思想，提出一种基于One-class SVM的通用检测方法。把时间隐蔽信道的检测看作是一种单值分类问题，利用正常信道数据集进行训练，构建分类模型。实验表明该检测方法在保证较高检测率的同时，又具备较好的通用性，可以比较有效地检测出多种网络时间隐蔽信道。

关键词: 时间隐蔽信道, 单类支持向量机, 网络安全

Abstract: The detection of covert timing channel is the focus and the difficulty of the research on covert channel. Current detections of covert timing channels are more directed against some particular covert timing channels, not all applicable. In this paper, a detection approach based on one-class SVM was introduced. Detection of covert channels is seen as a one-calss calssification problem. The model-building part of the algorithm works trained by the common channel set and generates the classification model. Experimental results show that the detection method can not only ensure a higher detection rate and better versatility, but also effectively detect covert timing channels.

Key words: covert timing channel, one-class SVM, network security

中图分类号:

TP393

刘义，兰少华. 基于One-class SVM的网络时间隐蔽信道检测方法[J]. 计算机与现代化, doi: 10.3969/j.issn.1006-2475.2017.06.021.

LIU Yi, LAN Shao-hua. Approach for Detecting Covert Timing Channels Based on One-class SVM[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2017.06.021.

参考文献

[1] Lampson B W. A note on the confinement problem[J]. Communications of the ACM, 1973,16(10):613-615.

[2] 王永吉,吴敬征,曾海涛,等. 隐蔽信道研究[J]. 软件学报, 2010,21(9):2262-2288.

[3] 丁志明. 基于模型拟合和模糊聚类的时间式网络隐蔽信道检测方法的研究[D]. 南京:南京理工大学, 2013.

[4] Cabuk S, Brodley C E, Shields C. IP covert timing channels: Design and detection[C]// Proceedings of the 11th ACM Conference on Computer and Communications Security. 2004:178-186.

[5] Cabuk S. Network Covert Channels: Design, Analysis, Detection and Elimination Purdue University, 2006.[D].

[6] 刘标. 基于递归定量分析的网络时间隐蔽信道检测方法研究[D]. 南京:南京理工大学, 2015.

[7] Walls R J, Kothari K, Wright M. Liquid: A detection-resistant covert timing channel based on IPD shaping[J]. Computer Networks, 2011,55(6):1217-1228.

[8] Scholkopf B, Platt J C, Shawe-Taylor J C, et al. Estimating the support of a high-dimensional distribution[J]. Neural Computation, 2001,13(7):1443-1471.

[9] Shah G, Molina A, Blaze M. Keyboards and covert channels[C]// Proceedings of the 15th Conference on USENIX Security Symposium. 2006:59-75.

[10] Kemmerer R A. Shared resource matrix methodology: An approach to identifying storage and timing channels[J]. ACM Transactions on Computer Systems, 1983,1(3):256-277.

[11] Kwecka Z. Application Layer Covert Channel Analysis and Detection[R]. Edinburgh Napier University, 2006.

[12] 王箴. 基于聚类和分化特性的网络时间隐蔽信道检测方法的研究[D]. 南京:南京理工大学, 2012.

[13] Berk V, Giani A, Cybenko G. Detection of Covert Channel Encoding in Network Packet Delays[R]. Technical Report TR2005-536, Department of Computer Science, Dartmouth College, 2005.

[14] Peng Pai, Ning Peng, Reeves D S. On the secrecy of timing-based active watermarking trace-back techniques[C]// Proceedings of the 2006 IEEE Symposium on Security and Privacy. 2006:334-349.

[15] Gianvecchio S, Wang Haining. Detecting covert timing channels: An entropy-based approach[C]// Proceedings of the 14th ACM Conference on Computer and Communications Security. 2007:307-316.

[16] WAND Network Research Group. WITS: Waikato Ⅷ[DB/OL]. http://wand.net.nz/wits/waikato/8, 2011-12-20.

基于One-class SVM的网络时间隐蔽信道检测方法

Approach for Detecting Covert Timing Channels Based on One-class SVM

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

[1]	杨骏, 王劲林, 倪宏, 盛益强, . 工控网络异常检测中基于灵敏度的动态迁移算法[J]. 计算机与现代化, 2023, 0(05): 46-51.
[2]	毛明扬, 徐胜超. 一种新的复杂网络安全主动防御模型[J]. 计算机与现代化, 2023, 0(04): 118-122.
[3]	潘裕庆, 张苏宁, 冯仁君, 景栋盛. 结合粒子群优化和LightGBM的入侵检测方法[J]. 计算机与现代化, 2023, 0(04): 123-126.
[4]	储苏红, 刘磊, . POF协议解析器[J]. 计算机与现代化, 2022, 0(09): 93-98.
[5]	吴水明, 吉志远, 王震宇, 景栋盛. 基于Dueling-DDQN的电力信息网络入侵检测算法[J]. 计算机与现代化, 2021, 0(12): 43-47.
[6]	张文博, 胡曦明, 李鹏, 马苗, 王涛, . 新工科下“手机+智能家电”物联网安全实验设计与实现[J]. 计算机与现代化, 2021, 0(04): 109-116.
[7]	郝怡然, 盛益强, 王劲林, . 基于t-SNE降维预处理的网络流量异常检测[J]. 计算机与现代化, 2021, 0(02): 109-116.
[8]	闫芮铵, 张立臣. 基于Focal Loss和卷积神经网络的入侵检测[J]. 计算机与现代化, 2021, 0(01): 65-69.
[9]	廖祖奇, 李飞, 张鹏飞. 基于CBR的车联网网络安全应急响应系统及方法[J]. 计算机与现代化, 2020, 0(11): 109-116.
[10]	代锐锋. 基于SSL虚拟技术的高校网络安全体系模型构建[J]. 计算机与现代化, 2020, 0(08): 122-126.
[11]	崔雯迪, 段鹏飞, 朱红强, 刘娜. 攻击图与HMM工业控制网络安全风险评估[J]. 计算机与现代化, 2020, 0(07): 32-37.
[12]	李荷婷，冯仁君，陈海雁，景栋盛. 基于异卷积神经网络的入侵检测[J]. 计算机与现代化, 2019, 0(10): 117-.
[13]	吴建台，刘光杰,刘伟伟，戴跃伟. 一种基于关联分析和HMM的网络安全态势评估方法[J]. 计算机与现代化, 2018, 0(06): 30-.
[14]	琚兴空. 基于隐马尔科夫模型的网络爬虫检测算法仿真[J]. 计算机与现代化, 2017, 0(4): 122-126.
[15]	王红凯1，于晓文2，张旭东1. 基于攻击检测和节点脆弱性的网络安全风险分析方法[J]. 计算机与现代化, 2017, 0(1): 96-100.