Detection of Covert Timing Channel Based on Time Series Symbolization

Wu, Shuhong; Chen, Yonghong; Tian, Hui; Sun, Chonggao

doi:10.1109/ojcoms.2021.3118697

Cited by 8 publications

(5 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to Wu et al [53], there are three types of classic detection methods for CTCs: entropy-based, ML, and statistical-based methods. Ali summed up the drawbacks of the aforementioned techniques as follows:…”

Section: Covert Channel Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Network Covert Channels

Elsadig

2024

Steganography - The Art of Hiding Information

View full text Add to dashboard Cite

With the rapid advancement of communication and computer network technologies, covert channels are now more secure, quicker to set up, harder to detect, and easier to design than ever before. By breaking a system security policy, a covert channel can be utilized to leak confidential communications. Undoubtedly, one of the most difficult challenges is still detecting such harmful, unobservable, and covert dangers. Due to the fact that this danger takes advantage of techniques not intended for communication, it is invisible to conventional security solutions. This chapter offers a concise overview of covert channel concept, techniques, classifications, and countermeasures, emphasizing how new technologies are vulnerable to being exploited for initiation of different covert channels and how they offer a rich environment for developing effective but challenging covert channel attacks. It gives a comprehensive review of common covert channel countermeasures with more focus on machine learning detection techniques. Although some research studies have revealed beneficial uses of covert channel, which is natural given that many approaches have a double-edged sword impact, this chapter focuses on covert channels as a security threat that compromise our data and networks.

show abstract

Section: Covert Channel Detectionmentioning

confidence: 99%

“…To get around these shortcomings. Wu et al [53] proposed a time series symbolization-based detection technique for CTC identification. They convert interarrival times into symbolic representation using the k-Means clustering technique.…”

Section: Covert Channel Detectionmentioning

confidence: 99%

Network Covert Channels

Elsadig

2024

Steganography - The Art of Hiding Information

View full text Add to dashboard Cite

show abstract

“…Additionally, the effectiveness of employing several machine learning methods for CTC detection across various encoding schemes and flow capacities was investigated by the authors in [14]. A symbolic CTC detection model was recently proposed by Wu et al in [15]. The traffic inter-arrival times were intended to be transformed into symbolic time series by their model.…”

Section: Related Workmentioning

confidence: 99%

LinguTimeX: Explainable AI of Natural Language Detection in Leakage Information with Covert Timing Channels

Darwish,

Al-Eidi,

Al-Shorman

et al. 2024

Preprint

View full text Add to dashboard Cite

CCovert timing channels (CTC) enable surreptitious information leakage through manipulated data transmission timing, posing a severe cybersecurity risk. This research introduces a framework, called LinguTimeX, which utilizes explainable artificial intelligence approach that synergizes linguistic analysis with detection of timing irregularities to pinpoint CTC activities with high accuracy. The LinguTimeX extracts multidimensional features integrating statistical properties of textual content and temporal characteristics. An ensemble of machine learning and deep learning models, tailored for cross-lingual covert channel identification , demonstrates outstanding detection performance, with over 98% precision and recall in Arabic and 81% F1-score in Chinese datasets. Quantitative analysis and visualizations elucidate how innate language complexities govern covert signal amplitudes, guiding targeted optimization of feature engineering. The

show abstract

“…Finally, Wu et al tested the detectability of different covert timing channels using ϵ-similarity, KS test, Entropy and Corrected Conditional Entropy tests as well as regularity metric in [30]. This is the only current work that evaluates the ϵ-similarity, and the authors reported that two of the tested channels where detectable with an accuracy of 98% and 100%, while JitterBug and TRCC were not detectable.…”

Section: Improvements and Derivatives Of The Detection Heuristicsmentioning

confidence: 99%

Weaknesses of Popular and Recent Covert Channel Detection Methods and a Remedy

Zillien

Wendzel

2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Network covert channels are applied for the secret exfiltration of confidential data, the stealthy operation of malware, and legitimate purposes, such as censorship circumvention. In recent decades, some major detection methods for network covert channels have been developed. In this paper, we investigate two highly cited detection methods for covert timing channels, namely ϵ-similarity and compressibility score from Cabuk et al. (jointly cited by 930 papers and applied by thousands of researchers). We additionally analyze two recent ML-based detection methods: GAS (2022) and SnapCatch (2021). While all these detection methods must be considered valuable for the analysis of typical covert timing channels, we show that these methods are not reliable when a covert channel's behavior is slightly modified. In particular, we demonstrate that when confronted with a simple covert channel that we call ϵ-κlibur, all detection methods can be circumvented or their performance can be significantly reduced although the covert channel still provides a high bitrate. In comparison to previous timing channels that circumvent these methods, ϵ-κlibur is much simpler and eliminates the need of altering previously recorded traffic. Moreover, we propose an enhanced ϵ-similarity that can detect the classical covert timing channel as well as ϵ-κlibur.

show abstract

Detection of Covert Timing Channel Based on Time Series Symbolization

Cited by 8 publications

References 22 publications

Network Covert Channels

Network Covert Channels

LinguTimeX: Explainable AI of Natural Language Detection in Leakage Information with Covert Timing Channels

Weaknesses of Popular and Recent Covert Channel Detection Methods and a Remedy

Contact Info

Product

Resources

About