Title

Feature Analysis of Covert Channels Based on Network Communication Protocols (以網路通訊協定為基礎之隱密性通道特徵分析)

Parallel title

Pattern Analysis for Covert Channel Features Based on Internet Protocols

DOI

10.29767/ECS.200609.0005

Authors

Woei-Jiunn Tsaur (曹偉駿); Tzong-Jie Lin (林宗杰)

Keywords

Network Security; Trojan Horse; Covert Channel; Data Mining

Journal

Electronic Commerce Studies

Volume/Issue (publication date)

Vol. 4, No. 3 (2006/09/30)

Pages

327-344

Language

Traditional Chinese

Chinese abstract (translated)

In recent years Internet usage has grown explosively, enabling hackers to exploit system vulnerabilities and flaws in communication protocols to develop complex and varied intrusion techniques, such as denial-of-service attacks, viruses and malicious Trojan horse programs. Covert channels are bound to become the bridge through which future Trojan horses communicate with each other; because the packets such a channel generates fully conform to the packet formats defined by the communication protocols, firewalls and intrusion detection systems have difficulty noticing and blocking them. This study takes the DARPA dataset and the packet log files generated by four representative covert channel tools as its basis, applies two-stage clustering with Ward's method and k-means clustering to distinguish the features of normal packets from those of covert channel packets, and offers recommendations on how to defend against covert channels.

English abstract

With the growth of Internet use, hackers can take advantage of security holes in systems and protocols to develop complex and varied intrusion techniques, such as denial of service (DoS), virus and Trojan horse attacks. Covert channels have long played a role in bridging these intrusion techniques, especially for Trojan horses. Because all packets produced by a covert channel conform to the standard protocol specifications, these legal-looking but furtive packets are hard for firewalls and intrusion detection systems to detect. The proposed scheme uses a two-step clustering method, Ward's clustering followed by k-means clustering, to separate normal from abnormal packets using the DARPA dataset and four kinds of covert channel software tools. The experimental results can serve as a practical reference for preventing covert channel attacks.

Subject classification: Basic and Applied Sciences > Information Science; Social Sciences > Economics