共查询到17条相似文献,搜索用时 62 毫秒
1.
网络隐蔽通道检测系统模型设计 总被引:1,自引:1,他引:0
利用TCP/IP协议中建立隐蔽通道来进行非法通信已经成为网络安全的重要威胁。论文首先以IP协议和TCP协议为例,简要介绍了TCP/IP协议下网络隐蔽通道的建立方法和检测特点,针对目前检测工具主要面向特定隐蔽通道的特点,结合协议分析和流量分析方法提出了一种网络隐蔽通道检测系统的设计模型,为隐蔽通道的综合性检测提供了一种新的思路。 相似文献
2.
3.
4.
5.
在网络隐蔽时间信道中,数据包的发送或到达时间被操控以携带消息而达到隐蔽传送信息的目的。这种信道的存在会对信息私密性带来危害,因此应该被干扰或加以限制。因为网络隐蔽时间信道寄生于正常通信信道,对它的干扰不可避免会对正常网络通信带来负面影响。论文提出了如何在多重限制条件下对网络隐蔽时间信道进行干扰的问题,并针对这一问题给出了基于适应性随机延迟的解决方案。 相似文献
6.
叶荣 《电信工程技术与标准化》2013,(7):68-71
本文针对目前通信基站接地工程建设中存在的问题,通过对雷电入侵通道隔离防护技术及其特点的分析研究,探索该技术在通信基站中应用的可行性,并提出了应用方案和适用场景的建议。 相似文献
7.
片上网络中路由器发生故障势必会影响整个网络的性能,过大的容错开销也会给网络带来很大的负担.对此,本文提出了一种故障通道隔离的低开销容错路由器架构,该路由器通过减少不必要的交叉开关及合理优化各个端口VC的数目来减小路由器整体开销,同时增加一个冗余通道来达到对路由器容错的目的.当路由器中某个通道发生故障时,通道隔离检测方法使路由器能够在检测故障类型的同时进行数据传输,带回收指针的重传buffer将会进一步减少整个容错结构的开销.实验结果表明在无故障情况下本文设计的路由器较传统路由器平均延时降低45%左右,最大吞吐率提高28%左右,面积开销仅仅增加了18.24%.在故障存在的情况下,本文方案也显现出很大的优越性,能够达到很好的容错效果. 相似文献
8.
针对现实网络中诸如侧信道攻击、HID 攻击等传统的物理攻击,物理隔离被认为是一种较为彻底的抵御网络攻击的安全防护手段。2018 年,业界首次提出了一种物理隔离环境下的 Wi-Fi 隐蔽信道方法——Ghost Tunnel,即在Wi-Fi尚未连接的状态下,无线AP可成功将数据传给发起连接请求的计算机。提出了一种基于Ghost Tunnel方法的攻击框架—— GreyFan,利用该攻击框架攻击者可以对未连接Wi-Fi的用户实施无感知攻击,如文件隐蔽传输、任意代码执行等,并分析了相应的防御技术。 相似文献
9.
由于隐蔽信道可以绕过传统的安全策略实现非正常的通信机制,所以隐蔽信道的存在给安全信息系统带来了极大的安全隐患。网络中存在的隐蔽信道种类繁多,如何高效、快速、准确地检测出信道中可能存在的多种隐蔽信道成为亟需解决的问题。针对此问题提出了一种新型的网络隐蔽信道检测模型,该检测模型可根据安全等级的要求,对网络信道做出不同程度的安全检测,同时,根据隐蔽信道出现的频率、危害程度等属性实时改变隐蔽信道的检测顺序,从而提高网络隐蔽信道的检测效率。 相似文献
10.
安全操作系统是信息系统安全的基础,隐蔽通道是解决操作系统安全的瓶颈。论文首先介绍了一种对隐蔽存储通道进行细分的方法,即把隐蔽存储通道分为直接隐蔽存储通道和间接隐蔽存储通道。接着在对隐蔽通道进一步分析的基础上,给出了隐蔽通道产生的充要条件。 相似文献
11.
12.
In order to effectively identify the multiple types of DNS covert channels,the implementation of different sorts of DNS covert channel software was studied,and a detection based on the improved convolutional neural network was proposed.The experimental results,grounded upon the campus network traffic,show that the detection can identify twenty-two kinds of data interaction modes of DNS covert channels and is able to identify the unknown DNS covert channel traffic.The proposed method outperforms the existing methods. 相似文献
13.
Covert channels have been recently the subject of the study in both creation and countermeasure aspects. There are many different ways to embed the covert data in network standards and protocols, especially in wireless networks. MORE (MAC‐independent opportunistic routing) is an opportunistic routing protocol which uses networks coding to enhance routing performance by reducing the repetitions. This protocol can be a suitable medium for covert channel establishment. A middleman covert channel establishment method is proposed in this paper over MORE routing protocol and with the use of network coding. Hidden data are transferred through packet's payload bytes. Covert sender manipulates coding mechanism by calculating packets' coefficients instead of random selection. The proposed covert channel provides the average throughput of 218 and 231 bps, using two different data length approaches which is relatively a good comparing to the previous network layer covert channels. The proposed covert channel is also a covert storage channel and cannot be removed or restricted. Effect of different network characteristics on the proposed method's capacity and security is investigated by a simulation study, and the results are discussed. 相似文献
14.
Blockchain is a decentralized architecture emerging with cryptocurrencies,which is credible and robust.A network covert channel model in blockchain environment was proposed for the first time,which was anti-interference,anti-tamper modification,multi-line communication,receiver anonymity and line independence.The shortcomings of network covert channel in existing network environment could be tackled by the new type of network covert channel,such as characteristic defect.etc.Firstly,A network covert channel model in blockchain environment was presented by formal method,its anti-interference and anti-tamper modification was proved.Then,a blockchain network covert channel scenario using service operation interval time was presented.Finally,the undetectability,robustness and rate of the blockchain network covert channel evaluation vectors was proposed.A theoretical foundation was laid for the practicality of the new type of network covert channel in blockchain. 相似文献
15.
Worldwide Interoperability for Microwave Access (WiMAX) is the broadband wireless access technique that provides rapid broadband services to domestic and enterprise users. Owing to the broadcast characteristic of the WiMAX system, transmitted data security is crucial, particularly when the messages are confidential. In this work, exploiting of WiMAX to convey sensitive secret information is presented. In the first phase, we exploited conventional WiMAX (fast Fourier transform [FFT]‐WiMAX), and in the second phase, we propose a wavelet packet transform (WPT)–based WiMAX for covert communication. The quality evaluation of both covert transmission models (FFT‐WiMAX and WPT‐WiMAX) over the fading channel is done in this work. The experimental outcomes of the proposed WPT‐WiMAX covert transmission system reveal a significant enhancement in error rate (bit error rate) and peak signal‐to‐noise ratio for a given signal‐to‐noise ratio. 相似文献
16.
17.
在高密度蜂窝车联网(cellular vehicle-to-everything,C-V2X)中,群集通信终端的有效阵列接入方法是多业务性能保障和有限频谱效率提升的前提。利用蜂窝车联网中终端计算能力,提出了信道自适应的业务接入机制。该机制由基站估计当前区域通信密度,生成通信密度关联的接入类别限制(access class barring,ACB)因子,并在通信区域内广播;随后,车载通信终端根据接收基站广播信号的信干噪比(signal to interference plus noise ratio,SINR)和ACB因子计算自适应信道状态的接入概率,并比较接入概率和ACB因子。当接入概率大于ACB因子时,通信终端以最小接入概率从前导码池中随机选择一个前导码上传到基站,以获得与信道状态匹配的接入机会。仿真结果表明,在高密度通信状态下,与S-ALOHA协议和M2M-OSA方案相比,所提方案平均接入碰撞概率降低了约5%~20%,有效地减小了平均接入时延。 相似文献