Engineering Statistical Behaviors for Attacking and Defending Covert Channels

Crespi, Valentino; Cybenko, George; Giani, Annarita

doi:10.1109/jstsp.2012.2237378

Cited by 16 publications

(8 citation statements)

References 37 publications

(50 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, covert channels can be detected by studying statistical characteristics of traffic flows. Such methods are described in . We use statistical techniques (multimodality, autocorrelation, and descriptive statistics) as basis to build the input feature vector of our detection scheme (Sections 4 and 5).…”

Section: Related Workmentioning

confidence: 99%

DAT detectors: uncovering TCP/IP covert channels by descriptive analytics

Iglesias

Annessi

Zseby

2016

Security Comm Networks

View full text Add to dashboard Cite

Covert channels provide means to conceal information transfer between hosts and bypass security barriers in communication networks. Hidden communication is of paramount concern for governments and companies, because it can conceal data leakage and malware communication, which are crucial building blocks used in cyber crime. We propose detectors based on descriptive analytics of traffic (DAT) to facilitate revealing network and transport layer covert channels originated from a wide spectrum of published data‐hiding techniques. DAT detectors transform communication data into flexible feature vectors that represent traffic by a set of extracted calculations and estimations. For the case of covert channels, the core of the detection is performed by the combined application of autocorrelation calculations and multimodality measures built upon kernel density estimations and Pareto charts. DAT detectors are devised to be embedded as extensions of network intrusion detection systems, being able to perform fast, lightweight analysis of numerous flows. The present paper focuses specifically on TCP/IP traffic and provides suitable classifications of TCP/IP fields and related covert channel techniques from the perspective of the statistical detection. The proposed methodology is evaluated with public traffic datasets as well as covert channels generated according to main techniques described in the related literature. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Section: Related Workmentioning

confidence: 99%

DAT detectors: uncovering TCP/IP covert channels by descriptive analytics

Iglesias

Annessi

Zseby

2016

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…URLs in HTTP are modulated by to construct a distributed covert channel. Similarly, the average size of packets, the ratio of small and large packets, and the change of packet size patterns can act as carriers of the covert information . In these channels, covert information is embedded into behaviors of network users.…”

Section: Introductionmentioning

confidence: 99%

“…On the other hand, many practical tools are developed by employing covert channel to deliver the privacy information, such as session password, and authority information. Generally, these network covert channels are exploited with a variety of network protocols such as FTP, TCP, IP, and HTTP .…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Design and analysis of the covert channel implemented by behaviors of network users

Qian

Sun

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

In this paper, a novel covert channel, called covert behavior channel, is proposed according to behaviors of network users to solve the security and efficiency problem of the traditional covert channel. In the proposed channel, operation sequences of the network protocols are used as carriers of covert information. An encryption‐based information embedding scheme is designed to improve security of the covert information. With the help of Markov model, the capacity of the proposed covert channel with time‐varying noise is derived. The formulation for analyzing the covert behavior channel is presented against the channel noise aroused by discarding packets. By introducing corrected entropy‐based algorithm to detect the covert behavior channel, the security of the channel is verified. Numerical results show that the proposed covert behavior channel is more secure than covert storage channels and achieves a better bit rate and robustness than that of covert timing channels. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

“…Naik et al [NBSD12] proposed an entropy approach for detecting timing channels. Similarly, Crespi et al [CCG13] studied different statistical anomaly detection methods, commonly used in network traffic analysis, to detect timing covert channels.…”

Section: Overview Of Covert Channel Detectionmentioning

confidence: 99%

Real-Time Detection of Storage Covert Channels

Sattolo¹

View full text Add to dashboard Cite

Covert channnels are a class of techniques for hiding the presence of communication between parties. In the context of cybersecurity, covert channels can be used by attackers to evade detection and to exfiltrate sensitive data. In so doing, they create a need for effective detection techniques for the use of covert channels.In this thesis, we present the conception, design and implementation of a system for detecting covert messages stored in the headers of network protocols in real time.We start by identifying statistical tests that can distinguish network traffic containing certain types of covert channels with high accuracy. We then leverage that information to build a system that analyses network traffic by tapping ethernet cables in order to detect the use of covert channels with very low latency.First of all, I would like to thank Prof. Jason Jaskolka for diligently supervising my work on this thesis. Without his steady guidance and frequent assistance this project surely would not have come to fruition as it has.Furthermore, I would like to thank my family and for their love and kindness throughout these past two years.

show abstract

Engineering Statistical Behaviors for Attacking and Defending Covert Channels

Cited by 16 publications

References 37 publications

DAT detectors: uncovering TCP/IP covert channels by descriptive analytics

DAT detectors: uncovering TCP/IP covert channels by descriptive analytics

Design and analysis of the covert channel implemented by behaviors of network users

Real-Time Detection of Storage Covert Channels

Contact Info

Product

Resources

About