
CN113923047B - Covert communication method, covert communication device, covert communication system, computer and readable storage medium - Google Patents

Publication number: CN113923047B
Authority: CN (China)
Prior art keywords: data, time, control end, rule, sending
Legal status: Active
Application number: CN202111299988.2A
Other languages: Chinese (zh)
Other versions: CN113923047A (en)
Inventors: 李起瑞, 杨波
Current Assignee: Hangzhou Anheng Information Security Technology Co Ltd
Original Assignee: Hangzhou Anheng Information Security Technology Co Ltd
Application filed by Hangzhou Anheng Information Security Technology Co Ltd
Priority to CN202111299988.2A
Publication of CN113923047A
Application granted
Publication of CN113923047B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L15/00: Apparatus or local circuits for transmitting or receiving dot-and-dash codes, e.g. Morse code
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/04: Protocols for data compression, e.g. ROHC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Communication Control (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to a covert communication method, device, system, computer and readable storage medium. The covert communication method comprises the following steps: receiving a data reading program sent by a control end; and obtaining local target data by running the data reading program, converting the target data into a data packet according to a preset coding rule, and sending the data packet to the control end, so that the control end receives and analyzes the data packet according to the coding rule to obtain the target data, wherein the data in the data packet is the communicable data identified by safety protection equipment in the host. By receiving the data reading program, obtaining the target data with it, converting the target data according to the preset coding rule into a data packet that is not intercepted by the safety protection equipment, and sending the data packet to the control end, the application allows the control end to analyze the data packet according to the coding rule, so that the target data is received and obtained in a concealed manner.

Description

Covert communication method, covert communication device, covert communication system, computer and readable storage medium
Technical Field
The present application relates to the field of computers, and in particular, to a covert communication method, apparatus, system, computer, and readable storage medium.
Background
For security reasons, a host is usually equipped with security protection equipment such as a firewall. While the host exchanges data with other user terminals over the network, the security protection equipment usually inspects the target data to prevent the data from being stolen or attacked.
However, in order to ensure social security, the relevant professional departments need to intercept target data so as to perform security analysis on it. At present, when a professional department acquires target data from a host, the inside-to-outside transmission behavior is easily discovered and intercepted by the safety protection equipment, so the professional department cannot acquire the target data successfully, which inconveniences its work.
Disclosure of Invention
The embodiments of the application provide a covert communication method, device, system, computer and readable storage medium, which at least solve the problem in the related art that, when a professional department needs to acquire target data, the inside-to-outside transmission behavior is easily discovered and intercepted by safety protection equipment, so that the professional department cannot acquire the target data smoothly.
In a first aspect, an embodiment of the present application provides a covert communication method, including:
receiving a data reading program sent by a control end;
and obtaining local target data by running the data reading program, converting the target data into a data packet according to a preset coding rule, and sending the data packet to the control end, so that the control end receives and analyzes the data packet according to the coding rule to obtain the target data, wherein the data in the data packet is the communicable data identified by safety protection equipment in the host.
In some embodiments, the step of converting the target data into a data packet according to a preset encoding rule and sending the data packet to the control end includes:
compiling each character of the target data according to a Morse code rule to form coded data consisting of a plurality of Morse codes;
and converting the coded data into a data packet and sending the data packet to the control end.
In some embodiments, the Morse code comprises three different signals, and the step of converting the coded data into data packets and sending the data packets to the control end comprises:
determining a preset sending rule of a data packet according to the coded data, and sending the data packet to the control end according to the sending rule, wherein, under the sending rule, a sending time interval between two data packets equal to a first time represents a first signal of the Morse code, a sending time interval between two data packets equal to a second time represents a second signal of the Morse code, and a sending time interval between two data packets equal to a third time represents the spacing signal between characters, and the first time, the second time and the third time are different.
In some embodiments, the step of converting the target data into a data packet according to a preset encoding rule and sending the data packet to the control end includes:
and sending an initial message to the control end through the data reading program so that the control end starts to execute the step of receiving the data of the data packet when receiving the initial message, wherein the initial message comprises a plurality of data packets which are sequentially sent according to preset interval time.
In a second aspect, an embodiment of the present application provides a covert communication method, including:
the control end generates a data reading program and sends the data reading program to the host;
the host receives the data reading program;
the host acquires local target data by running the data reading program, converts the target data into a data packet according to a preset coding rule and sends the data packet to the control end, wherein the data in the data packet is the communicable data identified by safety protection equipment in the host;
and the control end receives and analyzes the data packet according to the coding rule to obtain the target data.
In some embodiments, the step of converting the target data into a data packet according to a preset encoding rule and sending the data packet to the control end includes:
the host sends an initial message to the control end through the data reading program so that the control end starts to execute the step of receiving the data of the data packet when receiving the initial message, wherein the initial message comprises a plurality of data packets which are sequentially sent according to preset interval time;
the step of converting the target data into a data packet according to a preset coding rule and sending the data packet to the control end comprises the following steps:
the host compiles each character of the target data according to a Morse code rule to form coded data consisting of a plurality of Morse codes, wherein the Morse codes comprise three different signals;
the host determines a preset transmission rule of a data packet according to the coded data, and transmits the data packet to the control end according to the transmission rule, wherein, under the transmission rule, a transmission time interval between two data packets equal to a first time represents a first signal of the Morse code, a transmission time interval between two data packets equal to a second time represents a second signal of the Morse code, and a transmission time interval between two data packets equal to a third time represents the interval signal between characters, and the first time, the second time and the third time are different;
the step of the control end receiving and analyzing the data packet according to the coding rule to obtain the target data comprises the following steps:
the control end receives the initial message and records the receiving time of a plurality of data packets after the initial message;
the control end determines the sending rule of the data packet according to the receiving time interval of every two data packets, and obtains the coded data according to the sending rule;
and the control end analyzes the coded data according to the Morse code coding rule to obtain the target data.
In a third aspect, an embodiment of the present application provides a covert communication device, applied to a host, where the covert communication device includes:
the receiving module is used for receiving the data reading program sent by the control end;
the sending module is used for obtaining local target data by running the data reading program, converting the target data into a data packet according to a preset coding rule, and sending the data packet to the control end, so that the control end receives the data packet and analyzes the data packet according to the coding rule to obtain the target data, wherein the data in the data packet is the communicable data identified by safety protection equipment in the host.
In some of these embodiments, the sending module includes: a processing unit and a sending unit;
the processing unit is used for compiling each character of the target data according to a Morse code encoding rule to form coded data consisting of a plurality of Morse codes;
the sending unit is used for converting the coded data into a data packet and sending the data packet to the control end.
In some embodiments, the processing unit and the sending unit are specifically configured to:
determine a preset sending rule of a data packet according to the coded data, and send the data packet to the control end according to the sending rule, wherein, under the sending rule, a sending time interval between two data packets equal to a first time represents a first signal of the Morse code, a sending time interval between two data packets equal to a second time represents a second signal of the Morse code, and a sending time interval between two data packets equal to a third time represents the spacing signal between characters, and the first time, the second time and the third time are different.
The sending module is further configured to: send an initial message to the control end through the data reading program so that the control end starts to execute the step of receiving the data of the data packet when receiving the initial message, wherein the initial message comprises a plurality of data packets which are sequentially sent according to preset interval time.
In a fourth aspect, an embodiment of the present application provides a covert communication system, including: the covert communication device of the above embodiment and a control end;
the control end comprises:
the control module is used for generating a data reading program and sending the data reading program to the host;
and the analysis module is used for receiving and analyzing the data packet according to the coding rule to obtain the target data.
In some of these embodiments, the analysis module includes: a recording unit and an analyzing unit;
the recording unit is used for: receiving the initial message, and recording the receiving time of a plurality of data packets after the initial message;
the analyzing unit is used for: determining the sending rule of the data packet according to the receiving time interval of every two data packets, and obtaining the coded data according to the sending rule;
and analyzing the coded data according to the Morse code coding rule to obtain the target data.
In a fifth aspect, an embodiment of the present application provides a computer, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements a covert communication method according to the first aspect when executing the computer program.
In a sixth aspect, an embodiment of the present application provides a readable storage medium, on which a computer program is stored, which when executed by a processor implements a covert communication method as described in the first aspect.
Compared with the related art, in the covert communication method provided by the embodiments of the application, the target data is obtained through the data reading program, converted into a data packet according to the preset coding rule and sent to the control end. Because the data in the data packet is the communicable data identified by the safety protection equipment in the host, the data packet is not discovered or intercepted by the safety protection equipment, and the professional department can receive the data packet and analyze it according to the coding rule to obtain the target data.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the other features, objects, and advantages of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
Fig. 1 is a flowchart of a covert communication method in a first embodiment of the application;
Fig. 2 is a flowchart of a covert communication method in a second embodiment of the application;
Fig. 3 is a block diagram of a covert communication device in a third embodiment of the application;
Fig. 4 is a block diagram showing the construction of a covert communication system in a fourth embodiment of the present application;
Fig. 5 is a schematic diagram of the hardware configuration of a computer according to a fifth embodiment of the present application.
Detailed Description
The present application will be described and illustrated with reference to the accompanying drawings and examples in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. All other embodiments, which can be made by a person of ordinary skill in the art based on the embodiments provided by the present application without making any inventive effort, are intended to fall within the scope of the present application.
Evidently, the drawings in the following description are only some examples or embodiments of the present application, and a person of ordinary skill in the art can apply the present application to other similar situations according to these drawings without inventive effort. Moreover, it should be appreciated that while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and thus should not be construed as an insufficiency of this disclosure.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the described embodiments of the application can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. The terms "a," "an," "the," and similar referents in the context of the application are not to be construed as limiting the quantity, but rather as singular or plural. The terms "comprising," "including," "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, article, or apparatus that comprises a list of steps or modules (elements) is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus. The terms "connected," "coupled," and the like in connection with the present application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as used herein means two or more. "and/or" describes an association relationship of an association object, meaning that there may be three relationships, e.g., "a and/or B" may mean: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship. The terms "first," "second," "third," and the like, as used herein, are merely distinguishing between similar objects and not representing a particular ordering of objects.
The first embodiment of the application provides a covert communication method. Fig. 1 is a flowchart of a covert communication method according to an embodiment of the present application, as shown in fig. 1, the flowchart including the steps of:
Step S101, receiving a data reading program sent by the control end. In this step, the data reading program may read the relevant target data and analyze it.
Step S102, obtaining local target data by running the data reading program, converting the target data into a data packet according to a preset coding rule, and sending the data packet to the control end, so that the control end receives and analyzes the data packet according to the coding rule to obtain the target data, wherein the data in the data packet is the communicable data identified by safety protection equipment in the host. In some application scenarios of this embodiment, the host sends a data packet to the control end based on ICMP protocol.
As will be readily appreciated, ICMP stands for Internet Control Message Protocol. It is a sub-protocol of the TCP/IP protocol suite used for passing control messages between IP hosts and routers. Control messages are messages about the network itself, such as a network failure, whether a host is reachable, or whether a route is available. Although these control messages do not transmit user data, they play an important role in the transfer of information.
In addition, if the ICMP protocol is disabled, checking network connectivity with commands such as ping and tracert becomes very difficult; the network becomes very inconvenient to manage and maintain, and serious problems such as black-hole routers can occur. For this reason, the ICMP protocol of an ordinary user is generally left enabled.
Because the ICMP protocol in the host is usually enabled, it is well suited to the step of sending the data packet to the control end in this embodiment. In addition, some users deploy safety protection devices that perform state detection or message analysis on the data packets, i.e., on the ICMP traffic, for example checking the source IP, the destination IP, the ICMP session ID, whether the transmitted content leaks data, or whether the length of the transmitted content complies with the ICMP protocol format, so as to prevent network attacks based on the ICMP protocol.
However, such a security protection device generally detects only by judging whether the transmitted content is garbled and whether the request content and the response content corresponding to the target transmission identifier are the same; data packets in the normal ICMP message format are not discovered or intercepted.
The steps S101 to S102 are implemented by receiving a data reading program, acquiring target data according to the data reading program, converting the target data into a data packet which cannot be intercepted by safety protection equipment according to a preset coding rule, and sending the data packet to a control end through an ICMP protocol, so that the control end can analyze the data packet according to the coding rule, and the target data is received and acquired in a concealed manner, thereby solving the problem that when a professional department needs to acquire the target data, the transmission behavior from inside to outside is easily discovered and intercepted by the safety protection equipment, so that the professional department cannot successfully acquire the target data, and inconvenience is brought to the work of the professional department.
The second embodiment of the application also provides a covert communication method. Fig. 2 is a flowchart of another covert communication method according to an embodiment of the present application. As shown in Fig. 2, the flow includes the following steps:
Step S201, the control end generates a data reading program and sends the data reading program to the host. In this step, the data reading program may be attached to a carrier such as a PDF document or an Office document and implanted in the target host by social engineering means.
In step S202, the host obtains local target data by running the data reading program. In this step, the target data to be acquired is correspondingly acquired by a preset data reading program.
In step S203, the host compiles each character of the target data according to the Morse code rule to form coded data composed of a plurality of Morse codes. In this step, letters and numbers can be converted by referring to the Morse code comparison table, so that each character of the target data is converted into a plurality of Morse codes.
Step S204, after the host sends a start message to the control end through the data reading program, the host determines a preset transmission rule of a data packet according to the coded data and sends the data packet to the control end according to the transmission rule. The start message comprises a plurality of data packets which are sequentially transmitted according to a preset interval time. Under the transmission rule, a transmission time interval between two data packets equal to a first time represents a first signal of the Morse code, a transmission time interval between two data packets equal to a second time represents a second signal of the Morse code, and a transmission time interval between two data packets equal to a third time represents the interval signal between characters; the first time, the second time and the third time are different.
It should be noted that the start message in this step is also sent based on the ICMP protocol, and its content is not particularly limited. Specifically, in this embodiment, the start message consists of nine data packets that are sent continuously at eight intervals of the first time. When the control end receives nine data packets whose spacing is consistent with eight intervals of the first time, this indicates that the packets received subsequently relate to the target data to be acquired, and the time interval between the last of the nine packets and the next packet sent corresponds to the first Morse code in the coded data. By way of example, but not limitation, in other embodiments of the present application, the start message may also consist of a plurality of data packets sequentially transmitted with the second time or the third time as the time interval, or of a plurality of data packets transmitted with a fourth time as the time interval, where the fourth time is different from the first time, the second time, and the third time.
Specifically, in this step, the data packet is sent to the control end through the ICMP protocol. The sending rule includes a first time T1 and a second time T2, which correspond to the long signal and the short signal in the Morse code respectively; because of factors such as network delay, T1 and T2 need to be significantly different in this embodiment. The first time T1 and the second time T2 are written into the data reading program in advance by the user, and the data reading program maps the acquired target data to the long and short signals of the Morse code and carries this out by controlling the time interval at which data packets are sent. It will be appreciated that, in order to distinguish the gaps between characters from the long and short signals, the transmission rule further includes a third time T3 corresponding to the character interval signal in the Morse code; separating the characters with this interval signal ensures the accuracy of the target data transmission. In this embodiment, the first time, the second time, and the third time are all different.
Step S205, the control end receives the start message and records the receiving time of the data packets after the start message. Specifically, to ensure the accuracy of the received data, the start signal is composed of a plurality of messages sent at intervals. In this embodiment, when a start message with the expected time intervals has been received, the receiving time of its last data packet is recorded, and the intervals between the receiving times of the subsequent data packets correspond to the target data.
Step S206, the control end determines the sending rule of the data packet according to the record, and obtains the encoded data according to the sending rule.
Step S207, the control end analyzes the coded data according to the Morse code coding rule to obtain the target data.
As can be easily understood, in some application scenarios of this embodiment, the start message is received when 8 Echo (ping) request packets with an interval of T1 are received continuously. When the user receives the start message sent by the controlled target host, the receiving time of the last packet of the start message is recorded as a first time M1, and the receiving time of the packet that follows the start message is recorded as a second time M2. The time interval between the two is T = M2 - M1, and this time interval T corresponds to one of the first time T1 and the second time T2.
And the control end acquires the corresponding first signal, second signal and interval signal according to the receiving time interval of every two data packets. In the step, a plurality of Morse codes of corresponding ordered combinations are obtained through the first signal and the second signal, and the plurality of Morse codes corresponding to each character are separated at intervals through the interval signal, so that a control end can conveniently obtain target data by referring to the existing Morse code comparison table.
Steps S201 to S207 work by controlling the sending frequency of the data packets: the target data to be obtained is compiled, through the corresponding Morse coding algorithm, into a plurality of data packets sent at a certain frequency, and the data packets are sent at that frequency based on the ICMP protocol. Because the data packets are communicable data trusted by the safety protection device, the feasibility of the data transmission is ensured, and the user only needs to record the time at which each data packet is received to obtain the receiving interval between two data packets. The receiving intervals are then mapped to the first signal, the second signal and the interval signal and converted through the Morse code comparison table, so that the target data to be obtained is received in a concealed manner. This solves the problem that the target data is intercepted by the safety protection device when the professional department obtains the related target data.
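Seen from the monitoring side, the timing pattern in steps S204 to S207 is itself a signature: a run of equally spaced echo requests followed by gaps that fall into two or three discrete levels, where an ordinary periodic ping shows one. The Python sketch below is an added example and is not part of the patent; the tolerance, the minimum sample size, the addresses (documentation ranges) and all timestamps are constructed assumptions.

```python
from collections import defaultdict
from itertools import accumulate

TOL = 0.05           # assumed jitter tolerance, in seconds
PREAMBLE_GAPS = 8    # nine packets at eight equal intervals, as in the description
MIN_DATA_GAPS = 12   # assumed minimum number of gaps required after the preamble


def gaps_by_flow(packets):
    """Group ICMP echo-request records (timestamp, src, dst) into per-flow gap lists."""
    times = defaultdict(list)
    for ts, src, dst in packets:
        times[(src, dst)].append(ts)
    flows = {}
    for flow, stamps in times.items():
        stamps.sort()
        flows[flow] = [b - a for a, b in zip(stamps, stamps[1:])]
    return flows


def find_preamble(gaps, run=PREAMBLE_GAPS, tol=TOL):
    """Return the index just past the first run of `run` near-equal gaps, or None."""
    for i in range(len(gaps) - run + 1):
        window = gaps[i:i + run]
        if max(window) - min(window) <= tol:
            return i + run
    return None


def cluster(values, tol=TOL):
    """Greedy 1-D clustering: a value joins a cluster while within tol of its smallest member."""
    clusters = []
    for v in sorted(values):
        if clusters and v - clusters[-1][0] <= tol:
            clusters[-1].append(v)
        else:
            clusters.append([v])
    return clusters


def assess(gaps):
    """Classify one flow's inter-arrival gaps."""
    end = find_preamble(gaps)
    if end is None:
        return {"suspicious": False, "reason": "no equal-interval preamble", "levels": []}
    data = gaps[end:]
    if len(data) < MIN_DATA_GAPS:
        return {"suspicious": False, "reason": "too few packets after preamble", "levels": []}
    levels = [round(sum(c) / len(c), 2) for c in cluster(data)]
    if len(levels) == 1:
        return {"suspicious": False, "reason": "single steady interval", "levels": levels}
    if len(levels) <= 3:
        return {"suspicious": True, "reason": "preamble then 2-3 discrete gap levels",
                "levels": levels}
    return {"suspicious": False, "reason": "irregular spacing", "levels": levels}


def scan(packets):
    """Assess every (src, dst) flow in a capture of echo-request records."""
    return {flow: assess(g) for flow, g in gaps_by_flow(packets).items()}


def to_packets(gaps, src, dst, start=1000.0):
    """Helper for the constructed samples: turn gaps into (timestamp, src, dst) records."""
    return [(ts, src, dst) for ts in accumulate([start] + gaps)]


# Constructed samples (not real traffic).
PREAMBLE = [0.20, 0.21, 0.19, 0.20, 0.20, 0.21, 0.20, 0.19]
DATA = [0.20, 0.61, 0.60, 1.50, 0.21, 0.19, 1.51, 0.60,
        0.20, 0.59, 1.49, 0.20, 0.60, 0.21, 1.50, 0.60]
STEADY = [1.0, 1.01, 0.99, 1.0] * 6
IRREGULAR = [0.3, 1.7, 0.9, 2.4, 0.5, 3.1, 1.2, 0.7, 2.0, 0.4, 1.5, 2.8]

SAMPLE = (to_packets(PREAMBLE + DATA, "192.0.2.10", "198.51.100.7")
          + to_packets(STEADY, "192.0.2.20", "198.51.100.7")
          + to_packets(IRREGULAR, "192.0.2.30", "198.51.100.7"))

if __name__ == "__main__":
    for flow, verdict in scan(SAMPLE).items():
        print(flow, verdict)
```

Because the packet contents are well-formed, the check looks only at arrival times; a flagged flow is a lead for reviewing the capture rather than a verdict.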
The third embodiment of the present application further provides a covert communication device, which is used for implementing the above embodiments and preferred embodiments; what has already been described is not repeated. As used below, the terms "module," "unit," "sub-unit," and the like may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 3 is a block diagram of a covert communication device according to an embodiment of the application. As shown in Fig. 3, the device comprises:
a receiving module 22, configured to receive a data reading program sent by the control end;
a sending module 23, configured to obtain local target data by running the data reading program, convert the target data into a data packet according to a preset encoding rule, and send the data packet to the control end, so that the control end receives and parses the data packet according to the encoding rule and obtains the target data, where the data in the data packet is communicable data identified by a safety protection device in the host.
In this embodiment, the transmitting module 23 includes: a processing unit and a transmitting unit;
the processing unit is used for compiling each character of the target data according to a Morse code encoding rule to form encoded data consisting of a plurality of Morse codes;
the sending unit is used for converting the coded data into a data packet and sending the data packet to the control end.
In some embodiments, the processing unit and the sending unit are specifically configured to:
determine a preset sending rule of the data packet according to the coded data, and send the data packet to the control end according to the sending rule, wherein the sending rule is: a sending time interval between two data packets equal to a first time is used as the first signal of the Morse code, a sending time interval between two data packets equal to a second time is used as the second signal of the Morse code, and a sending time interval between two data packets equal to a third time is used as the interval signal between characters, and the first time, the second time and the third time are different.
The sending module is further configured to send an initial message to the control end through the data reading program, so that the control end starts to execute the step of receiving the data of the data packet when it receives the initial message, wherein the initial message comprises a plurality of data packets which are sequentially sent according to a preset interval time.
It can be understood that the principles of the covert communication device in this embodiment correspond to the covert communication method in the first embodiment of the present application; related principles not described in detail here can be found in the first embodiment and are not repeated.
A fourth embodiment of the present application provides a covert communication system.
Fig. 4 is a block diagram of a covert communication system according to an embodiment of the application. As shown in Fig. 4, the system comprises: a host 20 and a control terminal 10;
The host 20 includes the covert communication device 21 in the above embodiment;
The control terminal 10 includes:
a control module 11, configured to generate a data reading program and send the data reading program to a host;
and the parsing module 12 is configured to receive and parse the data packet according to the encoding rule, so as to obtain the target data.
Specifically, in the present embodiment, the parsing module 12 includes: a recording unit and an analyzing unit;
The recording unit is used for: receiving the initial message, and recording the receiving time of a plurality of data packets after the initial message;
the parsing unit is used for: determining a sending rule of the data packet according to the receiving time interval of every two data packets, and obtaining the coded data according to the sending rule;
and analyzing the coded data according to the Morse code coding rule to obtain the target data.
It can be understood that the principles of the covert communication system in this embodiment correspond to the covert communication method in the second embodiment of the present application; related principles not described in detail here can be found in the second embodiment and are not repeated.
The respective modules may be functional modules or program modules, and may be implemented by software or hardware. For modules implemented in hardware, the various modules may be located in the same processor; or the modules may be located in different processors, respectively, in any combination.
A fifth embodiment of the application provides a computer, as shown in fig. 5, which may include a processor 81 and a memory 82 storing computer program commands.
In particular, the processor 81 may include a Central Processing Unit (CPU), or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits that implement embodiments of the present application.
The memory 82 may include, among other things, mass storage for data or commands. By way of example, and not limitation, memory 82 may comprise a hard disk drive (Hard Disk Drive, abbreviated HDD), floppy disk drive, solid state drive (Solid State Drive, abbreviated SSD), flash memory, optical disk, magneto-optical disk, magnetic tape, or universal serial bus (Universal Serial Bus, abbreviated USB) drive, or a combination of two or more of these. The memory 82 may include removable or non-removable (or fixed) media, where appropriate. The memory 82 may be internal or external to the data processing apparatus, where appropriate. In a particular embodiment, the memory 82 is a non-volatile (Non-Volatile) memory. In particular embodiments, memory 82 includes read-only memory (Read-Only Memory, ROM) and random access memory (Random Access Memory, RAM). Where appropriate, the ROM may be a mask-programmed ROM, a programmable ROM (Programmable Read-Only Memory, abbreviated PROM), an erasable PROM (Erasable Programmable Read-Only Memory, abbreviated EPROM), an electrically erasable PROM (Electrically Erasable Programmable Read-Only Memory, abbreviated EEPROM), an electrically rewritable ROM (Electrically Alterable Read-Only Memory, abbreviated EAROM), or a flash memory (FLASH), or a combination of two or more of these. The RAM may be a static random-access memory (Static Random-Access Memory, SRAM) or a dynamic random-access memory (Dynamic Random Access Memory, DRAM), where the DRAM may be a fast page mode dynamic random-access memory (Fast Page Mode Dynamic Random Access Memory, FPMDRAM), an extended data output dynamic random-access memory (Extended Data Out Dynamic Random Access Memory, EDODRAM), a synchronous dynamic random-access memory (Synchronous Dynamic Random-Access Memory, SDRAM), or the like, as appropriate.
Memory 82 may be used to store or cache various data files that need to be processed and/or communicated, as well as possible computer program commands executed by processor 81.
The processor 81 implements any of the covert communication methods of the above embodiments by reading and executing computer program commands stored in the memory 82.
In some of these embodiments, the computer may also include a communication interface 83 and a bus 80. As shown in fig. 5, the processor 81, the memory 82, and the communication interface 83 are connected to each other through the bus 80 and perform communication with each other.
The communication interface 83 is used to enable communication between modules, devices and/or units in embodiments of the application. The communication interface 83 may also enable data communication with other components such as external equipment, image/data acquisition equipment, databases, external storage, and image/data processing workstations.
Bus 80 includes hardware, software, or both, coupling the components of the computer to one another. Bus 80 includes, but is not limited to, at least one of: data bus (Data Bus), address bus (Address Bus), control bus (Control Bus), expansion bus (Expansion Bus), local bus (Local Bus). By way of example, and not limitation, bus 80 may include a graphics acceleration interface (Accelerated Graphics Port, abbreviated as AGP) or other graphics bus, an enhanced industry standard architecture (Extended Industry Standard Architecture, abbreviated as EISA) bus, a front side bus (Front Side Bus, abbreviated as FSB), a HyperTransport (abbreviated as HT) interconnect, an industry standard architecture (Industry Standard Architecture, abbreviated as ISA) bus, a wireless bandwidth (InfiniBand) interconnect, a low pin count (Low Pin Count, abbreviated as LPC) bus, a memory bus, a micro channel architecture (Micro Channel Architecture, abbreviated as MCA) bus, a peripheral component interconnect (Peripheral Component Interconnect, abbreviated as PCI) bus, a PCI-Express (PCI-X) bus, a serial advanced technology attachment (Serial Advanced Technology Attachment, abbreviated as SATA) bus, a video electronics standards association local (Video Electronics Standards Association Local Bus, abbreviated as VLB) bus, or other suitable bus, or a combination of two or more of these. Bus 80 may include one or more buses, where appropriate. Although embodiments of the application have been described and illustrated with respect to a particular bus, the application contemplates any suitable bus or interconnect.
In addition, in combination with the covert communication method in the above embodiments, a sixth embodiment of the present application provides a readable storage medium. The readable storage medium has computer program commands stored thereon; the computer program commands, when executed by a processor, implement any of the covert communication methods of the embodiments described above.
The technical features of the above-described embodiments may be arbitrarily combined. For brevity, not all possible combinations of the technical features of the embodiments are described; however, as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of this description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (6)

1. A covert communication method, characterized in that it is applied in a host computer, said covert communication method comprising:
receiving a data reading program sent by a control terminal;
The local target data are obtained by running the data reading program, and all characters of the target data are compiled according to a Morse code encoding rule to form encoded data composed of a plurality of Morse codes;
Sending an initial message to a control end through the data reading program, wherein the initial message comprises a plurality of data packets which are sequentially sent according to a preset interval time;
After the initial message is sent, determining a preset sending rule of a data packet according to the coded data, and sending the data packet to the control end according to the sending rule, so that the control end receives the initial message, records the receiving time of a plurality of data packets after the initial message, determines the sending rule of the data packet according to the records, obtains the coded data according to the sending rule, analyzes the coded data according to the Morse code coding rule, and obtains the target data;
The data in the data packet is communicable data identified by safety protection equipment in the host;
the host sends the data packet to the control end based on an ICMP protocol;
The Morse code comprises three different signals; the transmission rule is that a transmission time interval of two data packets equal to a first time is used as a first signal of the Morse code, a transmission time interval of two data packets equal to a second time is used as a second signal of the Morse code, and a transmission time interval of two data packets equal to a third time is used as an interval signal between characters, and the first time, the second time and the third time are different.
2. A method of covert communication comprising:
the control end generates a data reading program and sends the data reading program to the host;
the host receives the data reading program;
the host computer obtains local target data by running the data reading program, and compiles each character of the target data according to a Morse code encoding rule to form encoded data consisting of a plurality of Morse codes;
The host sends an initial message to a control end through the data reading program; the initial message comprises a plurality of data packets which are sequentially sent according to preset interval time; determining a preset transmission rule of a data packet according to the coded data, and transmitting the data packet to the control end according to the transmission rule;
The control end receives the initial message and records the receiving time of a plurality of data packets after the initial message;
The control end determines a sending rule of the data packet according to the record and obtains the encoded data according to the sending rule;
the control end analyzes the coded data according to the Morse code coding rule to obtain the target data;
The data in the data packet is communicable data identified by safety protection equipment in the host;
the host sends the data packet to the control end based on an ICMP protocol;
the Morse code comprises three different signals;
The transmission rule is that a transmission time interval of two data packets equal to a first time is used as a first signal of the Morse code, a transmission time interval of two data packets equal to a second time is used as a second signal of the Morse code, and a transmission time interval of two data packets equal to a third time is used as an interval signal between characters, and the first time, the second time and the third time are different.
3. A covert communication device for use in a host, said covert communication device comprising:
The receiving module is used for receiving the data reading program sent by the control end;
The sending module is used for obtaining local target data by running the data reading program, compiling each character of the target data according to a Morse code encoding rule, and forming encoded data composed of a plurality of Morse codes; sending an initial message to a control end through the data reading program, wherein the initial message comprises a plurality of data packets which are sequentially sent according to a preset interval time; after the initial message is sent, determining a preset sending rule of a data packet according to the coded data, and sending the data packet to the control end according to the sending rule, so that the control end receives the initial message, records the receiving time of a plurality of data packets after the initial message, determines the sending rule of the data packet according to the records, obtains the coded data according to the sending rule, analyzes the coded data according to the Morse code coding rule, and obtains the target data; the data in the data packet is communicable data identified by safety protection equipment in the host; the host sends the data packet to the control end based on an ICMP protocol;
the Morse code comprises three different signals;
The transmission rule is that a transmission time interval of two data packets equal to a first time is used as a first signal of the Morse code, a transmission time interval of two data packets equal to a second time is used as a second signal of the Morse code, and a transmission time interval of two data packets equal to a third time is used as an interval signal between characters, and the first time, the second time and the third time are different.
4. A covert communication system comprising a host and a control end, said host comprising the covert communication device of claim 3;
The control end comprises:
the control module is used for generating a data reading program and sending the data reading program to the host;
The analysis module is used for receiving the initial message, wherein the initial message comprises a plurality of data packets which are sequentially sent according to preset interval time; recording the receiving time of a plurality of data packets after the initial message, determining the sending rule of the data packets according to the record, obtaining the encoded data according to the sending rule, and analyzing the encoded data according to the Morse code encoding rule to obtain the target data.
5. A computer comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the covert communication method according to any of claims 1-2 when executing the computer program.
6. A readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the covert communication method according to any one of claims 1 to 2.
CN202111299988.2A 2021-11-04 2021-11-04 Covert communication method, covert communication device, covert communication system, computer and readable storage medium Active CN113923047B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111299988.2A CN113923047B (en) 2021-11-04 2021-11-04 Covert communication method, covert communication device, covert communication system, computer and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111299988.2A CN113923047B (en) 2021-11-04 2021-11-04 Covert communication method, covert communication device, covert communication system, computer and readable storage medium

Publications (2)

Publication Number Publication Date
CN113923047A CN113923047A (en) 2022-01-11
CN113923047B true CN113923047B (en) 2024-07-16

Family

ID=79245139

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111299988.2A Active CN113923047B (en) 2021-11-04 2021-11-04 Covert communication method, covert communication device, covert communication system, computer and readable storage medium

Country Status (1)

Country Link
CN (1) CN113923047B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753487A (en) * 2008-12-04 2010-06-23 英华达(西安)通信科技有限公司 Mobile electronic device for transmitting and receiving Morse code
CN103841118A (en) * 2014-03-25 2014-06-04 中国科学技术大学苏州研究院 Two-way reliable covert channel based on TCP effective loads

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101309269A (en) * 2008-06-17 2008-11-19 北京锐安科技有限公司 Method and system for silent hiding network transmission
CN109981185A (en) * 2018-11-29 2019-07-05 招商银行股份有限公司 Data transmission and reception method, apparatus and computer readable storage medium
CN110324210B (en) * 2019-08-06 2020-12-25 杭州安恒信息技术股份有限公司 Detection method and device for covert channel communication based on ICMP (Internet control protocol)
CN111478920A (en) * 2020-04-27 2020-07-31 深信服科技股份有限公司 Method, device and equipment for detecting communication of hidden channel
CN112565229B (en) * 2020-11-27 2023-05-05 北京天融信网络安全技术有限公司 Hidden channel detection method and device

Also Published As

Publication number Publication date
CN113923047A (en) 2022-01-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant