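Research on information hiding based on network protocols aims to exploit flaws in protocol specifications or their implementations in order to embed hidden information in ordinary network packets. The intrusion detection tool Snort has flaws in its handling of the TCP options field, and some of the restrictions that RFC793 places on the use of the TCP options field are too loose. Two information hiding algorithms that embed hidden information in the TCP options field are designed around these flaws; the algorithms can evade Snort's inspection. The covert channel bandwidth of the algorithms is analysed, pseudocode for the algorithms is given, and the algorithms are validated in a real environment.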
Research on information hiding based on network protocols aims at using vulnerabilities in protocol definition and implementation. The hidden data is embedded into common TCP packets. The intrusion detection tool Snort has vulnerabilities in TCP option processing, and the usage of some TCP options is not strictly defined in RFC793. Based on these vulnerabilities, two data hiding algorithms are presented that make use of TCP options. The algorithms evade Snort's detection. The covert channels' bandwidth is studied and an algorithm's pseudocode is given. The algorithms are tested in a real network environment.