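Abstract: In network environments with huge traffic volumes and many communication protocols, covert channels allow processes to transfer information in ways that compromise system security, posing a threat to secure information systems. To address this, a covert channel detection algorithm based on cluster analysis is proposed. It determines whether a network storage covert channel is present in a communication flow from the difference between the clustering of normal communication data and that of covert communication data. Experimental results show that the implementation can be flexibly adjusted to the traffic volume and to the characteristics of the field under inspection, and that the algorithm achieves good real-time performance and accuracy.
Keywords:
cluster analysis,
network covert channel,
covert channel detection,
network security,
security detection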
Abstract: Huge communication traffic and the vast number of communication protocols turn out to be a perfect medium for covert channels. As a kind of communication channel that allows a process to transfer information in a manner that violates the system's security, the covert channel is becoming a major threat to secure information systems. This paper proposes a detection algorithm for Network Covert Storage Channels based on Cluster Analysis (NCSCCA) to detect covert storage channels, which exist widely in networks. The method identifies whether a covert storage channel exists in a communication, based on the difference in cluster analysis between normal and abnormal communication, and it is fast. Moreover, the method can detect several kinds of covert storage channel. Preliminary experimental results show that the method is real-time and accurate.
Key words:
clustering analysis,
network covert channel,
covert channel detection,
network security,
security detection
CLC number:
YUAN Jian, WANG Tao. Detection Algorithm of Network Storage Covert Channel Based on Clustering Analysis[J]. Computer Engineering.