A Detection Method for Cloak Covert Channel Based on Distribution of TCP Burst Size
Authors
Abstract
Cloak is a new class of network covert timing channel that relies on multilink and offers high reliability and an enhanced data rate. Existing detection schemes are less effective at detecting this kind of covert channel. In this paper, a detection method for the Cloak covert channel based on burst size distribution is proposed. The statistical distribution of burst size is calculated, and a Chi-squared test is used to judge whether the network traffic obeys the theoretical distribution generated by Cloak. Further, the influence of RTT variation and packet loss on detection performance is also discussed. Experimental results show that the proposed method achieves high detection performance.
Similar resources
Cloak: A Ten-Fold Way for Reliable Covert Communications
In this paper, we propose Cloak—a new class of reliable timing channels—which is fundamentally different from other timing channels in several aspects. First, Cloak encodes a message by a unique distribution of N packets over X TCP flows. The combinatorial nature of the encoding methods increases the channel capacity largely with (N,X). Second, Cloak offers ten different encoding and decoding m...
New geometry for TCP: severe plastic deformation of tubes
Since tubes are widely used for different industrial applications, processing of tubes by the Severe Plastic Deformation (SPD) method has been the target of different attempts. Among these attempts, development of SPD processes for tubes based on Equal Channel Angular Pressing (ECAP) has been more successful. As an illustration, Tube Channel Pressing (TCP) has been presented as an attractive SP...
Design of Transport Layer Based Hybrid Covert Channel Detection Engine
Computer networks are unpredictable due to information warfare and are prone to various attacks. Such attacks on the network compromise the most important attribute, privacy. Most such attacks are devised using a special communication channel called a "Covert Channel". The word "Covert" stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within legitim...
ProtoLeaks: A Reliable and Protocol-Independent Network Covert Channel
We propose a theoretical framework for a network covert channel based on enumerative combinatorics. It offers protocol independence and avoids detection by using a mimicry defense. Using a network monitoring phase, traffic is analyzed to detect which application-layer protocols are allowed through the firewalls. Using these results, a covert channel is built based on permutations of benign netw...
An Evaluation Framework for the Analysis of Covert Channels in the TCP/IP Protocol Suite
Information hiding techniques can be used by criminals and terrorists to communicate over covert channels within the TCP/IP protocol suite and can be used to overcome firewalls and most other forms of network intrusion detection and prevention systems. In this work we describe the covert channel concept and weaknesses in the five-layered TCP/IP model. We then present an evaluation frame...