Detecting Selected Network Covert Channels Using Machine Learning

Chourib, Mehdi

doi:10.1109/hpcs48598.2019.9188115

Cited by 10 publications

(6 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, based on features of anomalous behaviors of packets defined and extracted in Table I, this paper will propose a method to classify these packets. It can be seen that to detect network steganography, previous studies often used algorithms such as SVM [4,15], RF [3]. To improve the efficiency of the network steganography detection method, this paper proposes to use some deep learning algorithms and models.…”

Section: B the Detection Methodsmentioning

confidence: 99%

“…Most generic methods fall into two subcategories that characterize their approach: statistical or machine learning. The studies [3,4,5,6,7,8] presented several studies and proposals for detecting network steganography based on the abnormal behavior analysis technique and the ruleset database. However, noticed that these approaches have two problems [1,2,9,10,11,12]: using the available dataset and focusing on detecting only one steganography technique.…”

Section: A the Problemmentioning

confidence: 99%

See 1 more Smart Citation

A New Approach for Network Steganography Detection based on Deep Learning Techniques

Xuan¹,

Duong²

2021

IJACSA

View full text Add to dashboard Cite

One of the techniques that current cyber-attack methods often use to steal and transmit data out is to hide secret data in packets. This is the network steganography technique. Because millions of packets are sent and received every hour in internet activity, so it is very difficult to detect the theft and transmission of system data out using this form. Recent approaches often seek ways to compute and extract abnormal behaviors of packets to detect a steganography protocol or technique. However, such methods have the difficult problem of not being able to detect abnormal packets when an attacker uses other steganography techniques. To solve the above problem, this paper proposes a network steganography detection method using deep learning techniques. The highlight of this study is some new proposed features based on different components of the packet. By combining these many components, this proposal will not only provide the ability to detect many steganography techniques in the network, but also improve the ability to accurately detect abnormal packets. Besides, this study proposes to use deep learning for the task of detecting normal and abnormal packets. The authors want to take advantage of the big data analysis and processing capabilities of deep learning models in order to improve the ability to analyze and detect network steganography techniques. The experimental results in Section IVD have proved the effectiveness of this proposed method compared with other approaches.

show abstract

Section: B the Detection Methodsmentioning

confidence: 99%

Section: A the Problemmentioning

confidence: 99%

A New Approach for Network Steganography Detection based on Deep Learning Techniques

Xuan¹,

Duong²

2021

IJACSA

View full text Add to dashboard Cite

show abstract

“…Other detection approaches involve deep learning [11], such as Recurrent Neural Networks ( [53] or Reinforcement Learning [54]). [55] puts into evidence that all the above mentioned algorithms were trained and tested on traffic data obtained from just a single covert channel tool. As an advance to this limitation, three ML models (SVM, k-Nearest Neighbors, Deep Neural Networks) on covert traffic generated by nine different tools are discussed to demonstrate that k-NN performed better than the others.…”

Section: Related Workmentioning

confidence: 99%

Exploiting Internet of Things Protocols for Malicious Data Exfiltration Activities

et al. 2021

View full text Add to dashboard Cite

Internet of Things is a widely adopted and pervasive technology, but also one of the most relevant in cyber-security, given the volume and sensitivity of shared data and the availability of affordable but insecure products. In this paper, we propose a novel cyber-threat exploiting the Message Queue Telemetry Transport (MQTT) protocol to implement a tunneling attack. In IoT networks, sensitive and critical information are exchanged between devices or external systems to perform data analysis. For this reason, a tunneling threat could be adopted by a malicious user to steal information. In this context, a tunneling system based on MQTT can be considered since this communication protocol could be allowed to pass through enterprise firewalls because it is widely adopted in this IoT world. An attacker can exploit the MQTT protocol for various purposes such as steal information or access to not-allowed websites/servers. In particular in this work, we contribute in two main points: initially we demonstrate how the proposed threat is able to encapsulate messages through the MQTT protocol, by also comparing it with other tunneling systems exploiting different communication protocols. Obtained results show that exploiting MQTT for tunneling purposes is a good choice, compared to other communication protocols, especially for payloads up to 3000 bytes. Then, we propose and validate an initial machine learning based approach able to detect the proposed MQTT tunnel, by comparing different detection algorithms tested with and without a hyperparameter optimization, in terms of accuracy, F1 score and Receiver Operating Characteristic (ROC) curve. In this case, obtained results show that some algorithms are able to identify the attack, with an accuracy exceeding 95%, while others lack of such capability.

show abstract

“…This has motivated the researchers working in the field of networking to apply DL and ML techniques for Network applications like Traffic classification and Prediction. Chourib [16] suggested the use of DL and ML techniques like SVM, DNN, and KNN to identify covert channels in selected header fields of IPv4, ICMP, TCP, UDP, and DNS protocols.…”

Section: Introductionmentioning

confidence: 99%

Detecting and Locating Storage-Based Covert Channels in Internet Protocol Version 6

2022

View full text Add to dashboard Cite

Increased usage of the Internet has risen the demand for more IP addresses across the globe resulting in replacement of IPv4 by IPv6 protocol. Hence, security of IPv6 has become a vital area of research. One of the serious threats to Internet security is the presence of Network Covert Channels (NCCs) that provide substantial aid for performing covered communications like exchanging secret data and/or exfiltrating secret information from the organizations. To detect such malicious activities, there is an urgent requirement to develop and deploy efficient detection mechanisms in real-time networks. Further, to decode the hidden communications, there is an additional need to identify the location of covert data. Thus, this paper proposes a system for detecting and locating storage-based NCC(s) in IPv6 using Deep Neural Network (DNN) and One-vs-Rest (OvR) technique with Support Vector Machine (SVM). The proposed system is a two-layered system. Layer 1 detects an IPv6 packet as a normal/covert packet. Layer 2 locates the storage area of secret data in the covert packets detected at Layer 1. For experimentation, a dataset of normal and covert IPv6 packets was created using CAIDA's dataset and pcapStego tool. Experiments were conducted to select the appropriate classifiers at both layers of the proposed system. With DNN and OvR SVM selected as the classifiers at Layer 1 and Layer 2 respectively, the proposed system locates covert data in IPv6 packets with an Accuracy of 99.7% and an average prediction time of 0.0719 seconds per covert sample, making it suitable for real-time deployment.INDEX TERMS Cybersecurity, deep neural network, internet protocol version 6, machine learning, network covert channel detection, one-vs-rest, support vector machine.

show abstract

Detecting Selected Network Covert Channels Using Machine Learning

Cited by 10 publications

References 45 publications

A New Approach for Network Steganography Detection based on Deep Learning Techniques

A New Approach for Network Steganography Detection based on Deep Learning Techniques

Exploiting Internet of Things Protocols for Malicious Data Exfiltration Activities

Detecting and Locating Storage-Based Covert Channels in Internet Protocol Version 6

Contact Info

Product

Resources

About