Detecting IP covert timing channels by correlating packet timing with memory content

Stillman, Richard M.

doi:10.1109/secon.2008.4494286

Cited by 14 publications

(11 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Particularly it should be possible by regulating between parcel delays. We give careful consideration to identify secret channels identified with TCP ISN and IP ID fields [9]. At the SVM preparing time they gathered normal TCP/IP parcels utilizing a tcp dump instrument and abnormal TCP/IP packets(including incognito fields) produced from clandestine tcp and after that tried it for IP Identification field of IP header and grouping number field of TCP header [3].…”

Section: Ip Covert Timing Channelmentioning

confidence: 99%

Covert Channels Detection with Supported Vector Machine and Hyperbolic Hopfield Neural Network

Yuvaraj¹,

N²,

Rajkamal³

2018

IJET

View full text Add to dashboard Cite

A mechanism that is intended to expose information against a security violation in a network is the use of network covert channel and it is difficult to detect information about data loss like location of loss using network covert channel. To identify the covert channel were the data pattern missing over the sharing of resources in networks. Several mechanisms are used to identify a large variation of covert channels. However, those mechanisms have more limitation like speed of detection, detection accuracy etc. In this paper, a new machine learning approaches called “Support Vector Machine and Hyperbolic Hopfield Neural Network” to overcome the drawbacks of existing methods. This approach is supported to classifying the different covert channels with data packets which is shared in networks and its supports to identifying the location of data loss or data pattern mismatched. Finally, the proposed methods properly detected covert channels with high accuracy and less detection high speed shared a network resources in effective manner.

show abstract

Section: Ip Covert Timing Channelmentioning

confidence: 99%

Covert Channels Detection with Supported Vector Machine and Hyperbolic Hopfield Neural Network

Yuvaraj¹,

N²,

Rajkamal³

2018

IJET

View full text Add to dashboard Cite

show abstract

“…Though experimental results of non-detectability, and capacity are given, non-disclosure and robustness are not considered in their work. Stillman et al have proposed to use a concatenated code (convolutional outer code over an inner copy code) for a CTCC implementation through Mix-firewalls [Stillman 2008]. They have not considered any requirement of an effective CTCC.…”

Section: Covert Timing Channel Communicationmentioning

confidence: 99%

A Survey of Timing Channels and Countermeasures

2017

View full text Add to dashboard Cite

A timing channel is a communication channel that can transfer information to a receiver/decoder by modulating the timing behavior of an agent. Examples of this agent include the inter-packet delays of a packet stream, reordering packets in a packet stream or resource access time of a cryptographic module. The advances in information theory and the availability of high performance computing systems interconnected by high speed networks, have spurred interest and development of various types of timing channels. With the emergence of complex timing channels, novel detection and prevention techniques are also being developed to counter them. In this paper we provide a detailed survey of timing channels broadly categorized into network timing channel in which communicating entities are connected by a network and in-system timing channel in which the communicating entities are within a computing system. This survey builds upon the last comprehensive survey by [Zander et al. 2007] and considers all the three canonical applications of timing channels namely, covert communication, timing side-channel, and network flow watermarking. We survey the theoretical foundations, the implementation, and the various detection and prevention techniques that have been reported in the literature. Based on the analysis of the current literature we articulate potential future research directions both in the design and applications of timing channels and their detection and prevention techniques.

show abstract

“…Stillman [18] suggested finding correlations between the IPDs of a network stream and the memory content on a compromised machine in order to detect CTCs. The proposed method creates a histogram of the IPDs, that is then used to estimate the values used to encode each symbol in a binary scheme.…”

Section: Defense Against Covert Channelsmentioning

confidence: 99%