【作者】 杨岳湘；

【导师】 卢锡城；

【作者基本信息】 国防科学技术大学 ， 计算机科学与技术， 2008， 博士

【摘要】 信息隐藏与网络流量检测分别是信息安全领域中内容安全和运行安全的重要基础技术。论文以小波及其推广—Bandelet变换为主要理论工具,结合经验模式分解和支持向量机方法,研究了二维图像和三维地形的信息隐藏方法、网络流量异常和P2P流量检测方法。论文主要研究内容和贡献如下:基于新型小波—Bandelet的二维图象信息隐藏方法的研究。传统的数字水印一般通过修改图像数据达到信息隐藏的目的,不适用于保护不允许修改的图像数据,针对这一问题,提出了一种特征级无损数字水印方法。该方法首先对图像实施小波变换,变换后的中高频部分采用Bandelet跟踪图像几何流,将纹理和边缘作为图像的特征构造出图像高频无损水印参数。对于小波变换的低频系数,通过计算矩阵范数,得到低频系数水印参数,从而达到提取图像统计和边缘特征、对图像实现全面保护的目的。实验验证了算法对于各种图像处理攻击和统计攻击有良好的稳健性,能够广泛用于对不可修改数据的保护。基于小波的三维地形数据信息隐藏方法的研究。研究了基于小波和Hash函数的DEM信息隐藏,提出了多组DEM数据融合伪装传输的算法,该算法可以从隐藏数据中恢复多组真实的DEM数据,大大提高了数据传输效率和安全性;通过改进基于行小波变换及其编码,在保持地形形状和起伏特征的前提下,实现高程数据的极低比特率低存储压缩;结合可嵌入隐藏信息的小波系数集合生成方法与基于视觉系统(HVS)小波域量化噪声的视觉权重(JND)分析技术,提出了自适应确定信息嵌入强度的方法,隐藏过程采用分组密码Rijndael生成单向Hash函数,因此算法高度安全、可以公开;利用小波、方向经验模式分解(DEMD)实施图像的纹理分割,将图像分为纹理(高频)部分和非纹理(低频)部分,从而得到高精度的图像分解,在此基础上提出了基于矩阵偏差度的DEM水印算法,嵌入水印的DEM可以基本保持地形形状和起伏特征,并具有在没有原图的情况下提取水印的能力。基于小波的网络流量异常检测方法的研究。利用奇异性理论并结合统计学方法,提出了小波方差流量异常检测方法,并对不同的异常流量采用不同的小波函数进行检测,得到检测效果较好的小波函数,该方法简单、实用;采用信息熵来描述网络流量的表征信息,提出了基于小波和信息熵的网络流量异常检测方法,不仅增强了对异常的检测能力,而且方便了流量异常的分类。实验表明,该方法检测效率高、误报率低。基于小波与支持向量机的P2P网络流量检测方法的研究。提出了基于双重特征的P2P流量检测方法,该方法利用流量和深层数据包两种特征检测P2P流量,提高了检测效率和检测精度,是一个较准确、高效的P2P流量实时识别方法;进一步提出了基于小波基核函数支持向量机的P2P流量检测方法,该方法通过迭代训练提高检测精度,能较好地从网络流量中分离出P2P流量。最后,设计了一种能够进行应用级分类的检测方法,实验表明,该方法不仅效率高,适合于P2P实时流量检测,而且可以通过调整系统参数实现高精度检测。更多还原

【Abstract】 Information hiding and network traffic detection are important and fundamental techniques of content security and operation security respectively in information security. Mainly based on wavelet and its generalizations-bandelet, coupled with empirical model decomposition and support vector machine, this thesis deals with new algorithms for information hiding of two-dimensional images and three-dimensional landform data, and detection of network traffic anomalies as well as identification of P2P. The main contributions of the thesis are as follows:The algorithms of information hiding for two-dimensional images via new types of wavelet-bandelet are proposed. The traditional watermark protects the digital image by modifying the image data to hide the information used to authenticate the image copyright. It is not applicable to the protection of images which are not permitted to be changed. Lossless watermarking of characteristic class is proposed. Wavelet transform is first performed for the original image, then transformed for the high and middle frequency part of the image. The geometric flow is traced by bandelet. Texture and edge as the feature parameters of the image are used to construct lossless watermarking of high frequency. For low frequency part of wavelet coefficients, a new watermarking scheme is then proposed by selecting optimal matrix norm. The method is used to protect the image from all-around attacks by drawing the statistical character and the edge of the image. The experimental tests show that the proposed approach is robust to image processing and statistics attacks, and can be widely used to protect data which are not permitted to be modified.The algorithms for three-dimensional landform data hiding are proposed on the basis of the wavelet theory. The original image is not required in the first algorithm, and varied true DEM data can be reconstructed from the hidden information to greatly improve the efficiency and security of datum transmission. In the second algorithm, a modified line-based wavelet and its coding is performed to keep the terrain figure and hypsography, and the terrain information is compressed into low bit ratio and little memory. A new method is obtained, by which the strength of the embedding data is image-adaptive according to the quantization noise of wavelet by using the wavelet coefficient set which can be embedded into hidden information, coupled with the maximum strength of Just Noticeable Distortion (JND) tolerance of Human Visual System (HVS).The proposed algorithm is highly safe and the algorithm can be made public because the hiding process is achieved by Rijndael code to construct Hash one-way function. For data elevation model, DEM image is decomposed into the texture (high frequency part) and other parts (low frequency part) by combining wavelet and directional empirical model decomposition (DEMD), and the highly precise decomposition of the DEM image is obtained. According to this decomposition, a novel matrix-deviation-based watermarking approach is proposed. The proposed approach is used to keep the terrain figure and hypsography and extract water watermarking from the hidden information without the original image.Based on the wavelet theory , the algorithms for anomaly detection of network traffic are proposed. First, a method for anomaly detection of network traffic called wavelet variance detection method is proposed, which stems from wavelet singularity theory and statistics. The various wavelet functions are applied to detection so that better wavelet functions can be performed. This method is simple and practical. Moreover, information entropy is used to describe the features of network traffic, and the method for anomaly detection of network traffic based on wavelet and information entropy is proposed. As a result, the detection ability of the anomalies is enhanced, and the classification process becomes more convenient. The experimental results show that the method is efficient and accurate.Based on the wavelet and support vector machine theories, the algorithms for identification P2P traffic are proposed. Firstly, a P2P traffic identification method based on twofold features is proposed. By the simultaneous use of the traffic and payload features, this method improves the efficiency and accuracy of the identification, and therefore is promising for its application to real-time detection. Secondly, a P2P traffic identification method based on the support vector machine with wavelet-based kernel function is proposed. With this method, an iterative training process is adopted to achieve better accuracy. Lastly, an identification method for application-level classification is proposed. Experimental results show that this method is efficient, suitable for real-time traffic identification, and the identification accuracy can be improved by manipulated parameters.更多还原