Research On The Key Techniques Of Real-time Detecting Covert-channel Over Network Streams

The rapid development of computational power poses a great challenge to the classic information security technology based on cryptography.So covert network communication technology based on information hiding has been proposed and applied.According to literature review,research on covert network communication technology with speech streaming media as carrier has received great attention and has been widely applied in the fields of finance,commerce,national defense and national security.However,covert network communication technology is regarded as a "double-edged sword",which guarantees social stability and national security,but could be used by illegal persons to steal information or engage in criminal activities.Therefore,how to accurately detect the covert communication behavior in real time has become a frontier topic of information security.The research of covert network communication mainly includes the establishment of model,the construction and detection of covert channel.The accepted model of covert channel has been established successfully,so the methods of constructing covert channel based on it are emerging one after another.However,compared with the construction of covert channels,there are still many problems such as lack of theoretical models and breakthrough on the key technologies in real-time detection for covert channels over streaming media.In view of the research background and current situation,it is to improve the real-time and accuracy of detecting the covert channel in network speech streaming in this thesis,which focuses on 3 aspects,such as the real-time detection model of covert network communication,the steganalysis algorithm of the RTP and compressed speech in VoIP streams.The innovation and contributions of the thesis are summarized as follows:(1)A real-time detection model for covert channel in network speech streaming media is established.Because of the multi-dimensional structure and real-time characteristics of VoIP,the model structure of steganography detection on VoIP carrier is completely different from that of the static storage files such as image or audio and video.So the detection model for image steganography cannot be directly applied to streaming media steganalysis.Therefore,a real-time steganographic detection model for covert channels with multidimensional network speech streaming media is proposed in this thesis.The model supports the real-time acquisition,analysis and detection of network streaming media,and can also solve the integration of the heterogeneous steganalysis algorithm,and fill a gap of the real-time detection model of covert channel for the network streaming media(2)Two steganalysis algorithms on different features in protocol domain of network speech streaming are proposed.As one of the main transport protocols of VoIP streaming media,RTP/RTCP has created favorable conditions for the construction covert channels due to its head redundancy.So storage steganography algorithm for the least significant bits of the RTP timestamp is analyzed,the detection method based on clustering using the area difference between 2 best-fit curves is then proposed,the experimental results show that the detection precision of the algorithm reaches 100%.At the same time,for the time-division steganography algorithm of the number of sending packets of RTP/RTCP,histogram similarity matching using the number of packets is given.The experimental results show that the detection accuracy is over 65% when the false alarm rate is 10%.(3)Two efficient steganalysis algorithms for different speech coding are proposed.Because the load domain in the multi-dimensional structure of network voice streaming media is one of the main spaces for the construction covert channel.In addition the network voice has a variety of coded forms,where the high rate speech coding and the low rate mixed coding are the major patterns,so there are different steganographic algorithms for different encoding forms.Combining the signal processing technology(wavelet transform and derivative),the thesis improves the traditional Markov model into a Markov bidirectional transfer probability model which better expresses the correlation of speech signals for resolving steganalysis problems of low embedding rate LSB in PCM speech coding,and the experimental results show that the algorithm realises the detection accuracy of 68.5% when the embedding rates is only 3%.For the steganography detection problem of QIM-CNV in low rate speech coding,taking advantage of alteration to codeword distribution caused by QIM steganagrphy and considering the time sequence and the correlation of the inter-intra codewords,the BiLSTM model with time memory and the anti-vanishing of the gradient which can express "past" and "future" information is designed,and achieves an accurate and fast detection results,when the time length is 3s and the embedding rate is 50%,accuracy is 96.9%.Research contents in three aspects of the paper are interrelated and mutually supportive,which constitutes overall research and reflects the systematicness of the research.The model is the theoretical basis of the detection algorithm integration,and detection algorithm is the the realization and verification of the application value of the model.