Covert channel detection using Information Theory
Similar resources
Covert channel detection using Information Theory
This paper presents an information theory based detection framework for covert channels. We first show that the usual notion of interference does not characterize the notion of deliberate information flow of covert channels. We then show that even an enhanced notion of “iterated multivalued interference” can not capture flows with capacity lower than one bit of information per channel use. We t...
Covert Channel Detection Using Process Query Systems
In this paper we use traffic analysis to investigate a stealthy form of data exfiltration. We present an approach to detect covert channels based on a Process Query System (PQS), a new type of information retrieval technology in which queries are expressed as process descriptions.
Covert Channel Analysis and Detection using Reverse Proxy Servers
Data hiding methods can be used by intruders to communicate over open data channels (Wolf 1989; McHugh 1995; deVivo, deVivo et al. 1999), and can be used to overcome firewalls, and most other forms of network intrusion detection systems. In fact, most detection systems can detect hidden data in the payload, but struggle to cope with data hidden in the IP and TCP packet headers, or in the sessio...
Information Theory of Covert Timing Channels
We review our recent work on the reliability function of the timing channel associated to the first in first out exponential-server queue. This result may be of use in understanding the limits to communication over covert timing channels arising in networks.
Covert Channel Using ICMPv6 and IPv6 Addressing
Internet Protocol version 6, the latest revision of the Internet Protocol (IP), is rising in popularity. Along with it has come ample opportunity for the discovery and utilization of fresh, new covert channels. This paper proposes a covert channel using this "IP Next Generation Protocol", widely referred to as IPv6, as well as its associated protocol ICMPv6. As a proof-of-concept, two hosts run...
Journal
Journal title: Electronic Proceedings in Theoretical Computer Science
Year: 2011
ISSN: 2075-2180
DOI: 10.4204/eptcs.51.3