Covert Channel Detection Using Process Query Systems
نویسندگان
چکیده
In this paper we use traffic analysis to investigate a stealthy form of data exfiltration. We present an approach to detect covert channels based on a Process Query System (PQS), a new type of information retrieval technology in which queries are expressed as process descriptions.
منابع مشابه
Correlating Packet Timing with Memory Content Detects IP Covert Timing Channels
We report a novel approach for detecting a hostile process extruding data through a covert timing channel. Our method looks for correlations between the timing of network traffic and bit strings in the address space of the suspicious process. Background Covert leakage of sensitive information from governmental or corporate systems remains a significant threat. Intelligent network gateways can c...
متن کاملMimic: An active covert channel that evades regularity-based detection
To counter the threat of leaks of sensitive and mission-critical information, high-security facilities employ multi-level security mechanisms in which information flows are prevented from high-security systems to lower-security systems. For networks, this includes the monitoring of all incoming and outgoing traffic, high-grade encryption for all data communication, intrusion detection systems, ...
متن کاملCovert channel detection using Information Theory
This paper presents an information theory based detection framework for covert channels. We first show that the usual notion of interference does not characterize the notion of deliberate information flow of covert channels. We then show that even an enhanced notion of “iterated multivalued interference” can not capture flows with capacity lower than one bit of information per channel use. We t...
متن کاملEmploying Entropy in the Detection and Monitoring of Network Covert Channels
The detection of covert channels has quickly become a vital need due to their pervasive nature and the increasing popularity of the Internet. In recent years, new and innovative methods have been proposed to aid in the detection of covert channels. Existing detection schemes are often too specific and are ineffective against new covert channels. In this paper, we expound upon previous work done...
متن کاملCovert Channel Analysis and Detection using Reverse Proxy Servers
Data hiding methods can be used by intruders to communicate over open data channels (Wolf 1989; McHugh 1995; deVivo, deVivo et al. 1999), and can be used to overcome firewalls, and most other forms of network intrusion detection systems. In fact, most detection systems can detect hidden data in the payload, but struggle to cope with data hidden in the IP and TCP packet headers, or in the sessio...
متن کامل