Received: January 19, 2018    Revised: March 13, 2018
Chinese abstract: To improve the ability of software-defined networks to resist advanced persistent threats, this paper analyses the characteristics of software-defined networks and the covert communication used in advanced persistent threats, and proposes an efficient covert-communication detection mechanism suited to software-defined networks. The mechanism first uses the software-defined network to capture network traffic and obtains from it the packets that may contain covert communication; it then extracts the SSL certificates from those packets and computes the feature values that characterise each certificate; finally, it applies the isolation forest algorithm to the certificate feature values to decide whether a certificate is illegitimate, and from that result judges whether covert communication is present in the network. Experimental results and analysis show that the mechanism raises covert-communication detection precision and lowers the false-detection rate; it is also highly extensible and can be applied to different application scenarios.
Abstract: To detect advanced persistent threats in software-defined networks, this study proposes an efficient covert-communication detection mechanism for SDN, based on an analysis of the SDN architecture and of covert communication in advanced persistent threats. The mechanism first captures the transmitted traffic from the underlying network. It then extracts SSL certificates from the captured packets and computes several feature values for each extracted certificate. Finally, it applies the isolation forest algorithm to those feature values to decide whether each SSL certificate is abnormal. From the certificate detection result, the mechanism judges whether covert communication is present in the network. Experimental results verify that the proposed mechanism improves detection accuracy and reduces the false-positive rate for covert communication. The mechanism is also highly scalable, so it can readily be deployed in other scenarios.
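The certificate-scoring step described above (feature values per SSL certificate, fed to an isolation forest), as an added Python example that is not the paper's own code. The five certificate features, every sample value, and the threshold-free "highest score" rule are constructed assumptions, and the isolation forest is a minimal from-scratch implementation rather than a library call.

```python
"""Isolation-forest scoring of X.509 certificate feature vectors (added example)."""
import math
import random

# Constructed feature vectors (assumed features, not the paper's):
# (validity_days, subject_fields, san_count, self_signed, key_bits).
# Ten typical server certificates followed by one outlier.
CERT_FEATURES = [
    (398, 5, 3, 0, 2048), (365, 4, 2, 0, 2048), (730, 6, 5, 0, 2048),
    (398, 5, 1, 0, 2048), (825, 5, 4, 0, 4096), (365, 5, 2, 0, 2048),
    (398, 4, 3, 0, 2048), (730, 5, 2, 0, 4096), (365, 6, 6, 0, 2048),
    (398, 5, 2, 0, 2048),
    (3, 1, 0, 1, 1024),  # short-lived, self-signed, sparse subject, weak key
]

def _c(n):
    """Expected path length of an unsuccessful BST search over n points."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def _build_tree(points, depth, limit, rng):
    """Isolate points with random axis-aligned splits until depth limit."""
    if depth >= limit or len(points) <= 1:
        return ("leaf", len(points))
    dim = rng.randrange(len(points[0]))
    lo, hi = min(p[dim] for p in points), max(p[dim] for p in points)
    if lo == hi:  # no spread on this feature: nothing to split
        return ("leaf", len(points))
    split = rng.uniform(lo, hi)
    left = [p for p in points if p[dim] < split]
    right = [p for p in points if p[dim] >= split]
    return ("node", dim, split, _build_tree(left, depth + 1, limit, rng),
            _build_tree(right, depth + 1, limit, rng))

def _path_length(tree, x, depth=0):
    """Depth at which x is isolated, plus the c(n) adjustment for unsplit leaves."""
    if tree[0] == "leaf":
        return depth + _c(tree[1])
    _, dim, split, left, right = tree
    return _path_length(left if x[dim] < split else right, x, depth + 1)

def anomaly_scores(points, n_trees=100, seed=7):
    """One isolation-forest score in (0, 1) per point; higher means more anomalous."""
    rng = random.Random(seed)
    limit = math.ceil(math.log2(len(points)))
    trees = [_build_tree(points, 0, limit, rng) for _ in range(n_trees)]
    return [2 ** (-(sum(_path_length(t, x) for t in trees) / n_trees) / _c(len(points)))
            for x in points]

def most_suspicious(points=CERT_FEATURES):
    """Index of the certificate the forest isolates fastest (the likely illegitimate one)."""
    scores = anomaly_scores(points)
    return max(range(len(points)), key=scores.__getitem__)
```

In a deployment the feature vectors would be computed from certificates extracted from the captured SDN traffic, and the score would be compared against a threshold tuned on known-good certificates rather than just taking the maximum.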
Funding: China Railway Corporation major project (2016X008-D)
Citation:
NI Yong-Feng, YAN Lian-Shan, CUI Yun-He, LI Sai-Fei. Covert Communication Detection Mechanism for Software Defined Network. COMPUTER SYSTEMS APPLICATIONS, 2018, 27(9): 143-150