泛在网络环境下隐蔽通道关键技术研究综述

doi:10.11959/j.issn.1000-436x.2022072

通信学报 ›› 2022, Vol. 43 ›› Issue (4): 186-201.doi: 10.11959/j.issn.1000-436x.2022072

泛在网络环境下隐蔽通道关键技术研究综述

李凤华¹^,², 李超洋¹^,², 郭超³, 李子孚¹, 房梁¹, 郭云川¹^,²

¹ 中国科学院信息工程研究所，北京 100093
² 中国科学院大学网络空间安全学院，北京 100049
³ 北京电子科技学院电子与通信工程系，北京 100070

修回日期:2022-03-09 出版日期:2022-04-25 发布日期:2022-04-01
作者简介:李凤华（1966- ），男，湖北浠水人，博士，中国科学院信息工程研究所研究员、博士生导师，主要研究方向为网络与系统安全、大数据安全与隐私保护、密码工程
李超洋（1996- ），男，河北唐山人，中国科学院信息工程研究所硕士生，主要研究方向为网络与系统安全
郭超（1987- ），女，江西九江人，博士，北京电子科技学院讲师，主要研究方向为空间信息网络、通信安全、传输控制
李子孚（1992- ），女，内蒙古赤峰人，博士，中国科学院信息工程研究所工程师，主要研究方向为网络与系统安全、访问控制
房梁（1989- ），男，山西太原人，博士，中国科学院信息工程研究所副研究员，主要研究方向为信息安全、访问控制
郭云川（1977- ），男，四川营山人，博士，中国科学院信息工程研究所正高级工程师、博士生导师，主要研究方向为访问控制、网络安全
基金资助:
国家重点研发计划基金资助项目(2019YFB2101702);国家自然科学基金资助项目(U1836203);广东省重点领域研发计划基金资助项目(2019BP010137005);中国科学院青年创新促进会人才基金资助项目(2019160)

Survey on key technologies of covert channel in ubiquitous network environment

Fenghua LI¹^,², Chaoyang LI¹^,², Chao GUO³, Zifu LI¹, Liang FANG¹, Yunchuan GUO¹^,²

¹ Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
² School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
³ Department of Electronic and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China

Revised:2022-03-09 Online:2022-04-25 Published:2022-04-01
Supported by:
The National Key Research and Development Program of China(2019YFB2101702);The National Natural Science Foundation of China(U1836203);The Key-Area Research and Development Program of Guangdong Province(2019BP010137005);Talent Fund Program of the Youth Innovation Promotion Association CAS(2019160)

摘要/Abstract

摘要：

在泛在网络环境下，隐蔽通道通过修改系统共享资源，绕开系统的安全策略传输隐蔽信息，给计算机和网络系统造成了严重的安全威胁。针对此问题，主要从度量、构建和检测3个方面对泛在网络环境下的隐蔽通道相关研究进行归纳和分析。首先，总结归纳了典型的隐蔽通道度量指标，包括隐蔽通道的容量、稳健性、抗检测性、规律性和形状。其次，归纳整理了隐蔽通道的构建方法，并从共享资源、容量、稳健性、抗检测性、优点和缺点6个方面对隐蔽通道构建技术进行了对比分析。再次，从隐蔽通道类型、准确率、是否能盲检、优点和缺点5个方面对比分析了隐蔽通道的检测技术。最后，总结了隐蔽通道的发展趋势并展望了未来研究方向。

关键词: 泛在网络, 隐蔽通道度量, 隐蔽通道构建, 隐蔽通道检测

Abstract:

In the ubiquitous network environment, covert channel bypasses the system’s security strategy to transmit covert information by modifying the system’s shared resources, which poses a serious security threat to the computer and network system.The researches on covert channel in ubiquitous network environment were summarized and analyzed from three aspects of measurement, construction and detection.First, the typical covert channel metrics including the capacity, robustness, anti-detection, regularity and shape were summarized.Second, the construction technologies of covert channel were summarized and analyzed from six aspects of resource sharing, capacity, robustness, anti-detection, advantages and disadvantages in the first time.Third, the detection technologies of covert channel were compared and analyzed from five aspects of the type of covert channel, accuracy, whether it can be blind detection, the advantages and disadvantages.Finally, the development trends of covert channel were summarized and future research directions were prospected.

Key words: ubiquitous network, covert channel measurement, covert channel construction, covert channel detection

中图分类号:

TP393

李凤华, 李超洋, 郭超, 李子孚, 房梁, 郭云川. 泛在网络环境下隐蔽通道关键技术研究综述[J]. 通信学报, 2022, 43(4): 186-201.

Fenghua LI, Chaoyang LI, Chao GUO, Zifu LI, Liang FANG, Yunchuan GUO. Survey on key technologies of covert channel in ubiquitous network environment[J]. Journal on Communications, 2022, 43(4): 186-201.

图/表 12

图1

图

图3

表1

表2

隐蔽通道构建方法细粒度对比分析"

方法类别	构建方法	共享资源（通信环境）	容量	稳健性	抗检测性	优点	缺点
基于信息编解码	基于数据包顺序编解码^[23]	数据包（传统网络）	1.2 Mbit/s	强	弱	数据包合理排序可以实现大容量和低错误率的隐蔽传输	传输数据量越大越容易被检测，且开销大
	编解码SPRT传感器信号^[47]	SPRT传感器（物联网）	4 097.5～9 061.67 bit/s	强	—	隐蔽通道容量大，编/解码速度快	检测开销大
基于时间模式调节	基于包间时延^[10]	包间时延（传统网络）	—	较强	较强	稳健性较强，丢包率较低	没有充分研究隐蔽通道的容量
基于协议扩展填充	基于信息隐藏^[17]	MQTT协议（物联网）	1～1 048 560 Tbit/s	较强	较强	设计隐蔽通道种类较多，可扩展到其他类似协议中构建	当网络时延增加时，误码率会增加
基于恶意软件行为	基于用户行为^[49]	智能手机（移动通信网络）	1～1.67 bit/s	较强	较强	有较强的抗检测性	检测开销大
基于流媒体调制	调制蜂窝语音流^[20]	蜂窝语音流（移动通信网络）	13 bit/s	强	—	有较大的隐蔽容量且稳健性强	没有充分研究隐蔽通道的抗检测性
基于系统资源共享	基于硬件随机数生成器^[3]	硬件随机数生成器（操作系统）	7～200 kbit/s	强	—	隐蔽通道容量大、误差小，不易产生噪声	当木马和间谍进程同时执行时，隐蔽容量会减少
	基于分支预测器^[5]	分支预测器（操作系统）	—	较强	—	隐蔽通道容量大、稳健且抗噪声	没有充分研究隐蔽通道的抗检测性
	基于内存重复删除^[18]	内存（云环境）	1.24～90 bit/s	—	—	当系统工作量增加时，隐蔽通道容量下降不明显	选择构建隐蔽通道的内存越大，越容易被检测
	基于缓存^[56]	缓存（云环境）	34.27～45.09kbit/s	强	—	容量大且稳健性强，错误传输率极低，且有较强的抗噪性	通信端点设计不支持分组交换，不能同时拥有多个套接字
	基于内存总线^[58]	内存总线（云环境）	至少100 bit/s	较强	—	隐蔽通道容量大且可靠	由于内存访问的不确定性，使检测开销大；抗噪性较差，当噪声严重时，误码率会升高
	基于云实例硬盘争用^[60]	云实例（云环境）	0.1 bit/s	较强	较强	因不知隐蔽传输位何时启动，故有较强的抗检测性和稳健性	隐蔽容量较小，检测开销大，当云实例频繁访问硬盘时，误码率会升高
基于物理介质调节	调节磁信号^[21]	磁信号（Air-gap）	至多5 bit/s	较弱	—	当无线通信距离较近时有较大的传输速率，且误码率低	随着无线通信距离增大，误码率会增加

表2

表3

表4

表5

表6

表7

表8

表9

参考文献 95

[43]	ARCHIBALD R , GHOSAL D . A comparative analysis of detection metrics for covert timing channels[J]. Computers ＆ Security, 2014,45: 284-292.
[44]	CAVIGLIONE L , MERLO A , MIGLIARDI M . Covert channels in IoT deployments through data hiding techniques[C]// Proceedings of 2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA). Piscataway:IEEE Press, 2018: 559-563.
[45]	MILEVA A , VELINOV A , STOJANOV D . New covert channels in Internet of things[C]// Proceedings of the 12th International Conference on Emerging Security Information,Systems and Technologies-SECURWARE 2018. Piscataway:IEEE press, 2018: 30-36.
[46]	TAN Y , ZHANG X S , SHARIF K ,et al. Covert timing channels for IoT over mobile networks[J]. IEEE Wireless Communications, 2018,25(6): 38-44.
[47]	HO J W . Covert channel establishment through the dynamic adaptation of the sequential probability ratio test to sensor data in IoT[J]. IEEE Access, 2019,7: 146093-146107.
[48]	BASTYS I , BALLIU M , SABELFELD A . If this then what? controlling flows in IoT apps[C]// Proceedings of 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 1102-1119.
[49]	QI W , DING W F , WANG X Y ,et al. Construction and mitigation of user-behavior-based covert channels on smartphones[J]. IEEE Transactions on Mobile Computing, 2018,17(1): 44-57.
[50]	TAN Y A , XU X T , LIANG C ,et al. An end-to-end covert channel via packet dropout for mobile networks[J]. International Journal of Distributed Sensor Networks, 2018,14(5): 1-14.
[51]	NOVAK E , TANG Y T , HAO Z J ,et al. Physical media covert channels on smart mobile devices[C]// Proceedings of 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing. New York:ACM Press, 2015: 367-378.
[52]	SCHULZ M , LINK J , GRINGOLI F ,et al. Shadow Wi-Fi:teaching smartphones to transmit raw signals and to extract channel state information to implement practical covert channels over Wi-Fi[C]// Proceedings of the 16th Annual International Conference on Mobile Systems,Applications,and Services. New York:ACM press, 2018: 256-268.
[53]	CHANDRA S , LIN Z Q , KUNDU A ,et al. Towards a systematic study of the covert channel attacks in smartphones[C]// International Conference on Security and Privacy in Communication Networks, 2015: 427-435.
[54]	QI W , XU Y C , DING W F ,et al. Privacy leaks when you play games:a novel user-behavior-based covert channel on smartphones[C]// Proceedings of 2015 IEEE 23rd International Conference on Network Protocols. Piscataway:IEEE Press, 2015: 201-211.
[1]	王翀, 王秀利, 吕荫润 ,等. 隐蔽信道新型分类方法与威胁限制策略[J]. 软件学报, 2020,31(1): 228-245.
	WANG C , WANG X L , LYU Y R ,et al. Categorization of covert channels and its application in threat restriction techniques[J]. Journal of Software, 2020,31(1): 228-245.
[55]	WU B , LIU H W . A behavior-based covert channel based on GPS deception for smart mobile devices[C]// Proceedings of ICC 2019 2019 IEEE International Conference on Communications. Piscataway:IEEE Press, 2019: 1-6.
[56]	MAURICE C , WEBER M , SCHWARZ M ,et al. Hello from the other side:SSH over robust cache covert channels in the cloud[C]// Proceedings of Network and Distributed System Security Symposium. Reston:Internet Society, 2017: 8-11.
[2]	The Department of Defense. Trusted computer system evaluation criteria:DoD 5200.28-STD[S]. 1985.
[3]	EVTYUSHKIN D , PONOMAREY D . Covert channels through random number generator:mechanisms,capacity estimation and mitigations[C]// Proceedings of 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 843-857.
[57]	SULLIVAN D , ARIAS O , MEADE T ,et al. Microarchitectural minefields:4K-aliasing covert channel and multi-tenant detection in Iaas clouds[C]// Proceedings of Network and Distributed Systems Security Symposium. Reston:Internet Society, 2018:doi.org/10.14722/ndss.2018.23231.
[58]	WU Z Y , ZHANG X , WANG H N . Whispers in the hyper-space:highspeed covert channel attacks in the cloud[C]// Proceedings of USENIX Security Symposium. Berkeley:USENIX Association, 2012: 159-173.
[4]	CLEMENTINE M , NEUMANN C , HEEN O ,et al. C5:cross-cores cache covert channel[C]// Detection of Intrusions and Malware,and Vulnerability Assessment. Berlin:Springer, 2015: 46-64.
[5]	EVTYUSHKIN D , PONOMAREV D , ABU-GHAZALEH N , . Covert channels through branch predictors:a feasibility study[C]// Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy,New York:ACM Press, 2015: 1-8.
[59]	WU Z Y , XU Z , WANG H N . Whispers in the hyper-space:high-bandwidth and reliable covert channel attacks inside the cloud[J]. IEEE/ACM Transactions on Networking, 2015,23(2): 603-615.
[60]	LIPINSKI B , MAZURCZYK W , SZCZYPIORSKI K . Improving hard disk contention-based covert channel in cloud computing environment[C]// Proceedings of IEEE Security and Privacy Workshops. Piscataway:IEEE Press, 2014: 100-107.
[6]	SHAH G , MOLINA A , BLAZE M . Keyboards and covert channels[C]// Proceedings of the 15th Conference on USENIX Security Symposium. Berkeley:USENIX Association, 2006: 59-75.
[7]	李彦峰, 丁丽萍, 吴敬征 ,等. 网络隐蔽信道关键技术研究综述[J]. 软件学报, 2019,30(8): 2470-2490.
	LI Y F , DING L P , WU J Z ,et al. Survey on key issues in networks covert channel[J]. Journal of Software, 2019,30(8): 2470-2490.
[8]	AZADMANESH M , MAHDAVI M , SHAHGHOLI G B . A reliable and efficient micro-protocol for data transmission over an RTP-based covert channel[J]. Multimedia Systems, 2020,26(2): 173-190.
[61]	TAHIR R , KHAN M T , GONG X ,et al. Sneak-Peek:high speed covert channels in data center networks[C]// Proceedings of the 35th Annual IEEE International Conference on Computer Communications. Piscataway:IEEE Press, 2016: 1-9.
[62]	TIAN S , SZEFER J . Temporal thermal covert channels in cloud FPGAs[C]// Proceedings of 2019 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays. New York:ACM Press, 2019: 298-303.
[9]	JOHNSON M , LUTZ P , JOHNSON D . Covert channel using man-in-the-middle over HTTPS[C]// Proceedings of 2016 International Conference on Computational Science and Computational Intelligence (CSCI). Piscataway:IEEE Press, 2016: 917-922.
[10]	ZHANG L J , HUANG T W , RASHEED W ,et al. An enlarging-the-capacity packet sorting covert channel[J]. IEEE Access, 2019,7: 145634-145640.
[11]	MURDOCH S J , LEWIS S . Embedding covert channels into TCP/IP[C]// Proceedings of the 7th International Information Hiding Workshop. Berlin:Springer, 2005: 247-261.
[12]	HOVHANNISYAN H , LU K J , WANG J P . A novel high-speed IP-timing covert channel:design and evaluation[C]// Proceedings of 2015 IEEE International Conference on Communications. Piscataway:IEEE Press, 2015: 7198-7203.
[63]	MASTI R J , RAI D , RANGANATHAN A ,et al. Thermal covert channels on multi-core platforms[C]// Proceedings of the 24th USENIX Security Symposium. Berkeley:USENIX Association, 2015: 865-880.
[64]	GURI M , MONITZ M , MIRSKI Y ,et al. BitWhisper:covert signaling channel between air-gapped computers using thermal manipulations[C]// Proceedings of 2015 IEEE 28th Computer Security Foundations Symposium. Piscataway:IEEE Press, 2015: 276-289.
[13]	CABUK S , BRODLEY C E , SHIELDS C . IP covert timing channels:design and detection[C]// Proceedings of the 11th ACM Conference on Computer and Communications Security. New York:ACM Press, 2004: 178-187.
[14]	ARCHIBALD R , GHOSAL D . Design and analysis of a model-based covert timing channel for skype traffic[C]// Proceedings of 2015 IEEE Conference on Communications and Network Security. Piscataway:IEEE Press, 2015: 236-244.
[15]	LIU W W , LIU G J , JI X P ,et al. Designing rich-secure network covert timing channels based on nested lattices[J]. KSII Transactions on Internet and Information Systems (TIIS), 2019,13(4): 1866-1883.
[16]	HO J S , YAN S H , ZHOU X B ,et al. Covert communications without channel state information at receiver in IoT systems[J]. Internet of Things Journal, 2020,7(11): 11103-11114.
[17]	VELINOV A , MILEVA A , WENDZEL S ,et al. Covert channels in the MQTT-based Internet of things[J]. IEEE Access, 2019,7: 161899-161915.
[18]	XIAO J D , ZHANG X , HUANG H ,et al. A covert channel construction in a virtualized environment[C]// Proceedings of 2012 ACM conference on Computer and Communications Security. New York:ACM Press, 2012: 1040-1042.
[65]	KRISHNAMURTHY P , KHORRAMI F , KARRI R ,et al. Process-aware covert channels using physical instrumentation in cyber-physical systems[J]. IEEE Transactions on Information Forensics and Security, 2018,13(11): 2761-2771.
[66]	PARTALA J . Provably secure covert communication on blockchain[J]. Cryptography, 2018,2(3): 18.
[19]	RONG H , WANG H M , LIU J ,et al. WindTalker:an efficient and robust protocol of cloud covert channel based on memory deduplication[C]// Proceedings of 2015 IEEE Fifth International Conference on Big Data and Cloud Computing. Piscataway:IEEE Press, 2015: 68-75.
[20]	ALORAINI B , JOHNSON D , STACKPOLE B ,et al. A new covert channel over cellular voice channel in smartphones[J]. arXiv Preprint,arXiv:1504.05647, 2015.
[21]	GURI M . MAGNETO:covert channel between air-gapped systems and nearby smartphones via CPU-generated magnetic fields[J]. Future Generation Computer Systems, 2021,115: 115-125.
[22]	EPISHKINA A , KOGOS K . Covert channels parameters evaluation using the information theory statements[C]// Proceedings of 2015 5th International Conference on IT Convergence and Security (ICITCS). Piscataway:IEEE Press, 2015: 1-5.
[23]	EL-ATAWY A , DUAN Q , AL-SHAER E , . A novel class of robust covert channels using out-of-order packets[J]. IEEE Transactions on Dependable and Secure Computing, 2017,14(2): 116-129.
[24]	ZHANG X S , TAN Y , LIANG C ,et al. A covert channel over VoLTE via adjusting silence periods[J]. IEEE Access, 2018,6: 9292-9302.
[25]	WANG L G , . Optimal throughput for covert communication over a classical-quantum channel[C]// Proceedings of 2016 IEEE Information Theory Workshop. Piscataway:IEEE Press, 2016: 364-368.
[26]	SHEIKHOLESLAMI A , BASH B A , TOWSLEY D ,et al. Covert communication over classical-quantum channels[C]// Proceedings of 2016 IEEE International Symposium on Information Theory. Piscataway:IEEE Press, 2016: 2064-2068.
[27]	BULLOCK M S , GAGATSOS C N , GUHA S ,et al. Fundamental limits of quantum-secure covert communication over bosonic channels[J]. IEEE Journal on Selected Areas in Communications, 2020,38(3): 471-482.
[67]	TIAN J , GOU G P , LIU C ,et al. DLchain:a covert channel over blockchain based on dynamic labels[C]// Information and Communications Security. Berlin:Springer, 2020: 814-830.
[68]	GAO F , ZHU L H , GAI K K ,et al. Achieving a covert channel over an open blockchain network[J]. IEEE Network, 2020,34(2): 6-13.
[28]	BLOCH M R . Covert communication over noisy channels:a resolvability perspective[J]. IEEE Transactions on Information Theory, 2016,62(5): 2334-2354.
[29]	AHMADIPOUR M , SALEHKALAIBAR S , YASSAEE M H ,et al. Covert communication over a compound discrete memoryless channel[C]// Proceedings of 2019 IEEE International Symposium on Information Theory. Piscataway:IEEE Press, 2019: 982-986.
[30]	BASH B A , GOECKEL D , TOWSLEY D . Limits of reliable communication with low probability of detection on AWGN channels[J]. IEEE Journal on Selected Areas in Communications, 2013,31(9): 1921-1930.
[31]	BENDARY A , ABDELAZIZ A , KOKSAL C E . Achieving positive covert capacity over MIMO AWGN channels[J]. IEEE Journal on Selected Areas in Information Theory, 2021,2(1): 149-162.
[32]	TAHMASBI M , SAVARD A , BLOCH M R . Covert capacity of non-coherent Rayleigh-fading channels[J]. IEEE Transactions on Information Theory, 2020,66(4): 1979-2005.
[33]	MCIVER A , MORGAN C . Programming methodology[M]. New York: Springer, 2003: 441-460.
[34]	TA H Q , KIM S W . Covert communication under channel uncertainty and noise uncertainty[C]// Proceedings of ICC 2019 - 2019 IEEE International Conference on Communications. Piscataway:IEEE Press, 2019: 1-6.
[35]	ZHANG X S , ZHU L H , WANG X M ,et al. A packet-reordering covert channel over VoLTE voice and video traffics[J]. Journal of Network and Computer Applications, 2019,126: 29-38.
[36]	ZHANG X S , GUO L H , XUE Y ,et al. A two-way VoLTE covert channel with feedback adaptive to mobile network environment[J]. IEEE Access, 2019,7: 122214-122223.
[37]	LIU Y L , GHOSAL D , ARMKNECHT F ,et al. Robust and undetectable steganographic timing channels for i.i.d.traffic[C]// Proceedings of the 12th International Conference on Information Hiding. Berlin:Springer, 2010: 193-207.
[69]	TAHERI S , MAHDAVI M , MOGHIM N . A dynamic timing-storage covert channel in vehicular ad hoc networks[J]. Telecommunication Systems, 2018,69(4): 415-429.
[70]	NAFEA H , KIFAYAT K , SHI Q ,et al. Efficient non-linear covert channel detection in TCP data streams[J]. IEEE Access, 2019,8: 1680-1690.
[38]	ARCHIBALD R , GHOSAL D . A covert timing channel based on fountain codes[C]// Proceedings of 2012 IEEE 11th International Conference on Trust,Security and Privacy in Computing and Communications. Piscataway:IEEE Press, 2012: 970-977.
[39]	WANG P , LAN S H , ZHANG J ,et al. A hidden channel method based on TCP time stamp option[D]. Nanjing:Nanjing University of Science and Technology, 2015.
[40]	李彦峰, 丁丽萍, 吴敬征 ,等. 区块链环境下的新型网络隐蔽信道模型研究[J]. 通信学报, 2019,40(5): 67-78.
	LI Y F , DING L P , WU J Z ,et al. Research on a new network covert channel model in blockchain environment[J]. Journal on Communications, 2019,40(5): 67-78.
[41]	CHOW J , LI X Y , MOUNTROUIDOU X . Raising flags:detecting covert storage channels using relative entropy[C]// Proceedings of 2017 IEEE International Conference on Intelligence and Security Informatics. Piscataway:IEEE Press, 2017: 25-30.
[42]	CABUK S . Network covert channels:design,analysis,detection,and elimination[D]. Indiana:Purdue University, 2006.
[71]	REZAEI F , HEMPEL M , SHARIF H . Towards a reliable detection of covert timing channels over real-time network traffic[J]. IEEE Transactions on Dependable and Secure Computing, 2017,14(3): 249-264.
[72]	EPISHKINA A , FINOSHIN M , KOGOS K ,et al. Timing covert channels detection cases via machine learning[C]// Proceedings of 2019 European Intelligence and Security Informatics Conference (EISIC). Piscataway:IEEE Press, 2019:139.
[73]	MOHAMMED H , ODETOLA T A , HASAN S R ,et al. (HIADIoT):hardware intrinsic attack detection in Internet of things; leveraging power profiling[C]// Proceedings of 2019 IEEE 62nd International Midwest Symposium on Circuits and Systems. Piscataway:IEEE Press, 2019: 852-855.
[74]	VZQUEZ F I , ANNESSI R , ZSEBY T . Analytic study of features for the detection of covert timing channels in network traffic[J]. Journal of Cyber Security and Mobility, 2017,6(3): 225-270.
[75]	SHRESTHA P L , HEMPEL M , REZAEI F ,et al. A support vector machine-based framework for detection of covert timing channels[J]. IEEE Transactions on Dependable and Secure Computing, 2016,13(2): 274-283.
[76]	WANG Z Q , DONG H Y , CHI Y P ,et al. DGA and DNS covert channel detection system based on machine learning[C]// Proceedings of the 3rd International Conference on Computer Science and Application Engineering. New York:ACM Press, 2019: 1-5.
[77]	DARWISH O , AL-FUQAHA A , BEN-BRAHIM G ,et al. Using hierarchical statistical analysis and deep neural networks to detect covert timing channels[J]. Applied Soft Computing, 2019,82: 105546.
[78]	HAN J X , HUANG C , SHI F ,et al. Covert timing channel detection method based on time interval and payload length analysis[J]. Computers ＆ Security, 2020,97: 101952.
[79]	ALAM M , SETHI S . Detection of information leakage in cloud[J]. arXiv Preprint,arXiv:1504.03539, 2015.
[80]	WANG H , LIU G J , LIU W W ,et al. Detection of jitterbug covert channel based on partial entropy test[J]. Lecture Notes in Computer Science,2017, 1060,3: 357-368.
[81]	GIANVECCHIO S , WANG H N . An entropy-based approach to detecting covert timing channels[J]. IEEE Transactions on Dependable and Secure Computing, 2011,8(6): 785-797.
[82]	张宇飞, 沈瑶, 杨威 ,等. 差分信息熵的网络时序型隐蔽信道检测[J]. 软件学报, 2019,30(9): 2733-2759.
	ZHANG Y F , SHEN Y , YANG W ,et al. Detecting covert timing channels based on difference entropy[J]. Journal of Software, 2019,30(9): 2733-2759.
[83]	WANG Z K , HUANG L S , YANG W ,et al. An entropy-based method for detection of covert channels over LTE[C]// Proceedings of 2018 IEEE 22nd International Conference on Computer Supported Cooperative Work in Design. Piscataway:IEEE Press, 2018: 872-877.
[84]	DARWISH O , AL-FUQAHA A , BEN-BRAHIM G ,et al. Using MapReduce and hierarchical entropy analysis to speed-up the detection of covert timing channels[C]// Proceedings of 2017 13th International Wireless Communications and Mobile Computing Conference (IWCMC). Piscataway:IEEE Press, 2017: 1102-1107.
[85]	ALDINI A , BRAVETTI M , GORRIERI R . A process-algebraic approach for the analysis of probabilistic noninterference[J]. Journal of Computer Security, 2004,12(2): 191-245.
[86]	FOCARDI R , GORRIERI R , MARTINELLI F . Real-time information flow analysis[J]. IEEE Journal on Selected Areas in Communications, 2003,21(1): 20-35.
[87]	SONG X M , JU S G , WANG C D ,et al. Information flow graph:an approach to identifying covert storage channels[C]// International Conference on Trusted Systems. Berlin:Springer, 2010: 87-97.
[88]	WU J Z , DING L P , WANG Y J ,et al. A practical covert channel identification approach in source code based on directed information flow graph[C]// Proceedings of 2011 Fifth International Conference on Secure Software Integration and Reliability Improvement. Piscataway:IEEE Press, 2011: 98-107.
[89]	WENDZEL S , . Protocol-independent detection of “messaging ordering” network covert channels[C]// Proceedings of the 14th International Conference on Availability,Reliability and Security(ARES’19). New York:ACM Press, 2019: 1-8.
[90]	LIU A Y , CHEN J , YANG L . Real-time detection of covert channels in highly virtualized environments[C]// Critical Infrastructure Protection V. Berlin:Springer, 2011: 151-164.
[91]	WANG L N , LIU W J , KUMAR N ,et al. A novel covert channel detection method in cloud based on XSRM and improved event association algorithm[J]. Security and Communication Networks, 2016,9(16): 3543-3557.
[92]	WU J Z , DING L P , WU Y J ,et al. C2Detector:a covert channel detection framework in cloud computing[J]. Security and Communication Networks, 2014,7(3): 544-557.
[93]	BETZ J , WESTHOFF D . C3-Sched—a cache covert channel robust cloud computing scheduler[C]// Proceedings of the 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014). Piscataway:IEEE Press, 2014: 54-60.
[94]	LIU A Y , CHEN J , WECHSLER H . Real-time covert timing channel detection in networked virtual environments[C]// IFIP International Conference on Digital Forensics. Berlin:Springer, 2013: 273-288.
[95]	YAN M J , SHALABI Y , TORRELLAS J . ReplayConfusion:detecting cache-based covert channel attacks using record and replay[C]// Proceedings of 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). Piscataway:IEEE Press, 2016: 1-14.

构建方法类别	文献	隐蔽通道类型	应用环境	特点
基于信息编解码	文献[24,47,69]	存储隐蔽通道	物联网移动通信网络车载自组网	发送方对隐蔽信息进行编码，接收方对隐蔽信息同步解码，获取隐蔽信息，通常隐蔽容量的大小取决于编解码速度
基于时间模式调节	文献[46,69]	时间隐蔽通道	物联网车载自组网	通过调节数据包的发送时间模式传输隐蔽信息，如包间间隔、包间时延等，通常具有较强的抗检测性，不过噪声等干扰易对该类隐蔽通道造成影响
基于协议扩展填充	文献[17,36,45]	存储隐蔽通道	物联网移动通信网络	通过扩展协议、填充空余字段等来隐藏隐蔽信息，该方法具有可拓展性，一般可以构建多个隐蔽通道，但隐蔽容量受限于具体协议的填充字段
基于恶意软件行为	文献[48-49]	行为隐蔽通道	物联网移动通信网络	恶意软件基于系统漏洞、用户行为等特性或行为特征，传输隐蔽信息，通常具有较强的抗检测性
基于流媒体调制	文献[20,24,36,50]	时间隐蔽通道存储隐蔽通道	移动通信网络	利用蜂窝语音流、视频流等流媒体作为通信载体，传输隐蔽信息，但是隐蔽通道容量往往较小
基于系统资源共享	文献[4,19,56-60]	存储隐蔽通道	云环境	通过共享或修改内存、缓存等系统资源实现隐蔽通信，通常能实现较大的隐蔽容量
基于物理介质调节	文献[21,64-65]	存储隐蔽通道	Air-gap系统	主要基于电磁信号、功率和温度等共享资源构建，往往隐蔽容量很小，且通信强度对距离存在较强的依赖性

检测方法	隐蔽通道类型	准确率	是否能盲检	形状指标	规律指标
K-S检验^[43]	Jitterbug	66%	是	√	―
	Jitterbug	86%	是	√	―
	TR-CTC-HTTP	67%	是	√	―
韦尔奇t检验^[43]	TR-CTC-SSH	56%	是	√	―
	MB-CTC-HTTP	92%	是	√	―
	MB-CTC-SSH	95%	是	√	―
	TR-CTC-HTTP	60%	是	―	―
规律性检测^[43]	TR-CTC-SSH	69%	是	―	―
	MB-CTC-HTTP	60%	是	―	―
	MB-CTC-SSH	91%	是	―	―

检测方法	召回率	精确率	准确率	F1指标
决策树^[74]	95.17%	96.01%	99.71%	—
支持向量机^[75]	97%	100%	98.5%	98.48%
神经网络^[77]	97.56%	96.75%	97%	97.15%
支持向量机^[78]	85%	88%	—	86%
KNN^[78]	96%	96%	—	96%
朴素贝叶斯^[78]	88%	89%	—	88%
Logistic回归^[78]	91%	91%	—	90%

检测方法	隐蔽通道类型	真阳率	假阳率	是否能盲检
基于K-L散度^[41]	存储隐蔽通道	100%	0	否
基于修正条件熵^[81]	时间隐蔽通道	100%	1%	是
基于修正条件熵^[83]	存储隐蔽通道	97%	1%	是
基于香农熵^[83]	存储隐蔽通道	85%	2%	是

检测方法	隐蔽通道类型	是否能盲检	优点	缺点
基于信息流图^[87]	存储隐蔽通道	是	可以完整表示系统的信息流，不需要额外改变参数	信息流图存在伪通信路径问题且检测开销较大
基于有向信息流图^[88]	操作系统隐蔽通道	是	该方法检测效率较高且适用于多个系统	当系统源代码量很大时，检测开销也会较大

泛在网络环境下隐蔽通道关键技术研究综述

Survey on key technologies of covert channel in ubiquitous network environment

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 95

相关文章 3

Metrics

推荐阅读 0

检测方法类别	隐蔽通道类型	特点
基于统计	时间隐蔽通道存储隐蔽通道	主要通过统计隐蔽流量的规律性、形状特征或分析特殊字段的属性分布，以识别隐蔽通道
基于机器学习	时间隐蔽通道存储隐蔽通道	主要通过挖掘隐蔽流量的特征，建立机器学习分类模型来发现隐蔽通道
基于信息论	时间隐蔽通道存储隐蔽通道	主要基于熵理论来区分隐蔽流量和合法流量
基于信息流分析	时间隐蔽通道存储隐蔽通道	主要通过分析系统中信息流属性来识别隐蔽通道
其他检测方法	时间隐蔽通道存储隐蔽通道	主要针对具体通信环境下共享资源的特性进行分析，以检测隐蔽通道

[1]	简鑫,曾孝平,贾云健,杨俊逸,贺渊. 机器类通信流量建模与过载控制[J]. 通信学报, 2013, 34(9): 123-131.
[2]	潘甦,叶强,刘胜美. 泛在网络中的等效频谱带宽概念及其在异构网络切换中的应用[J]. 通信学报, 2012, 33(3): 130-136.
[3]	干宗良,齐丽娜,唐贵进,朱秀昌. 泛在网络中基于压缩感知的Wyner-Ziv空域可分级视频编码[J]. 通信学报, 2010, 31(11): 41-48.

方法类别	检测方法	隐蔽通道类型	准确率	是否能盲检	优点	缺点
基于统计	基于统计^[70]	存储隐蔽通道	100%	否	检测精度更高，假阳性率更低	需要较大的计算缓冲区，检测开销大
	基于机器学习^[74]	时间隐蔽通道	99.71%	否	检测精度较高，且适合于特征明显的数据集	当网络流量多样化，特征不明显时，检测效果不佳，且不具备盲检能力
基于机器学习	基于支持向量机^[75]	时间隐蔽通道	98.5%	是	通用检测框架具有盲检能力	对于网络抖动隐蔽通道的检测性能略差
	基于机器学习^[76]	存储隐蔽通道	99.92%	否	算法采用动态识别模型，对于新生成的恶意域名可以更新识别	模型动态调整自己的识别模型对网络特性和需求的影响，检测率可能会降低
基于信息论	基于部分熵^[80]	Jitterbug （时间隐蔽通道）	97.4%～100%	否	在网络抖动产生较高误码率的情况下也有较好的检测性能，在较短时间检测窗口下有较高的检测速度	不具备盲检能力
其他检测方法	基于可压缩修正分数^[89]	存储隐蔽通道	94.81%	否	检测精度较高	检测依赖于 PDU 的数目，当检测的 PDU 较少时，精度会降低，不具备盲检能力
	基于重放混淆^[95]	存储隐蔽通道	99.5%	否	检测方法覆盖率高，结果比较准确	抗噪性较差且检测开销大