Journal of Systems Engineering and Electronics ›› 2013, Vol. 35 ›› Issue (6): 1312-1217. doi: 10.3969/j.issn.1001-506X.2013.06.31

• Communications and Networks •

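Detection algorithm for covert network behavior channels based on corrected entropy

QIAN Yu-wen1, SONG Hua-ju2, ZHAO Bang-xin1, ZHANG Tong-fang1, HAO Jin-song1

  1. School of Electronic and Optical Engineering, Nanjing University of Science and Technology, Nanjing 210094, Jiangsu, China
  2. Nanjing Xiaozhuang University, Nanjing 210011, Jiangsu, China
  • Publication date: 2013-06-15 Release date: 2010-01-03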

Study on the detection algorithm of covert network behavior channel based on corrected entropy

QIAN Yu-wen1, SONG Hua-ju2, ZHAO Bang-xin1, ZHANG Tong-fang1, HAO Jin-song1

  1. School of Electronic and Optical Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
  2. Nanjing Xiaozhuang University, Nanjing 210011, China
  • Online: 2013-06-15 Published: 2010-01-03

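Abstract:

To address the low detection rate of traditional detection methods on covert behavior channels, a covert behavior channel detection algorithm based on corrected entropy is proposed. The algorithm relies on the principle that embedding covert information into a user's operation sequence necessarily changes its conditional entropy. Introducing corrected entropy effectively overcomes the false alarms produced when conditional entropy is used for detection. Detection experiments on behavior channels based on corrected entropy show that the algorithm detects several common covert timing channels well in a noisy environment, with a detection rate of about 96%.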

Abstract:

To solve the problem that traditional covert channel detection algorithms cannot detect covert behavior channels precisely, a detection approach based on corrected entropy is proposed. The idea of the approach is that embedding information into the network operations of users changes the conditional entropy of some features of those operations. To solve the false alarm problem of a detector based on conditional entropy, the detection approach uses corrected entropy instead. Several experiments are carried out on several covert behavior channels to measure the performance of the detection algorithm based on corrected entropy. The detection results show that the algorithm works well in detecting several covert behavior channels, and the detection rate is about 96%.
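The detection idea in the abstract can be sketched as follows; this is an added example, not code from the paper. The abstract gives no formula, so the corrected conditional entropy definition used here (minimum over pattern length m of CE(m) + perc(m)·EN(1), as commonly used for covert timing channel detection) is an assumption, and the bin edges, tolerance and both delay traces are constructed.

```python
import math
import random
from collections import Counter

def pattern_entropy(symbols, m):
    """Entropy (bits) of length-m patterns and the share seen only once."""
    patterns = [tuple(symbols[i:i + m]) for i in range(len(symbols) - m + 1)]
    counts = Counter(patterns)
    n = len(patterns)
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    return h, sum(1 for c in counts.values() if c == 1) / n

def corrected_conditional_entropy(symbols, max_m=5):
    """min over m of CE(m) + perc(m) * EN(1), with CCE(1) = EN(1)."""
    h1, _ = pattern_entropy(symbols, 1)
    best, prev = h1, h1
    for m in range(2, max_m + 1):
        hm, perc = pattern_entropy(symbols, m)
        best = min(best, (hm - prev) + perc * h1)  # perc term offsets undersampling
        prev = hm
    return best

def to_symbols(delays, edges=(0.5, 1.0, 1.5, 2.0)):
    """Quantize delays (seconds) into bin indices; edges are hypothetical."""
    return [sum(d > e for e in edges) for d in delays]

def clean_delays(n, seed):
    """Constructed sample: exponential gaps between user operations."""
    rng = random.Random(seed)
    return [rng.expovariate(1.0) for _ in range(n)]

def covert_delays(n, seed):
    """Constructed sample: each gap encodes one bit as ~0.2 s or ~1.2 s."""
    rng = random.Random(seed)
    return [(0.2, 1.2)[rng.getrandbits(1)] + rng.uniform(-0.05, 0.05) for _ in range(n)]

def is_suspicious(delays, baseline, tolerance=0.5):
    """Flag a trace whose corrected entropy departs from the clean baseline."""
    return abs(corrected_conditional_entropy(to_symbols(delays)) - baseline) > tolerance

# Baseline learned from a trace assumed to be free of covert traffic.
BASELINE = corrected_conditional_entropy(to_symbols(clean_delays(400, seed=1)))

if __name__ == "__main__":
    print("baseline", round(BASELINE, 3))
    print("clean  ->", is_suspicious(clean_delays(400, seed=2), BASELINE))
    print("covert ->", is_suspicious(covert_delays(400, seed=3), BASELINE))
```

The correction term matters at larger m, where few patterns repeat and plain conditional entropy would fall toward zero for any short trace, clean or not.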