Detection of Covert Channel Encoding in Network Packet Delays
Authors
Abstract
Covert channels are mechanisms for communicating information in ways that are difficult to detect. Data exfiltration can be an indication that a computer has been compromised by an attacker even when other intrusion detection schemes have failed to detect a successful attack. Covert timing channels use packet interarrival times, not header or payload embedded information, to encode covert messages. This paper investigates the channel capacity of Internet-based timing channels and proposes a methodology for detecting covert timing channels based on how close a source comes to achieving that channel capacity. A statistical approach is then used for the special case of binary codes.
Similar resources
Design and Evaluation of a Hybrid Encoding Method for Covert Timing Channels on the Internet
A covert channel means communicating information under cover of an overt and authorized channel in such a manner that the existence of the channel is hidden. In network covert timing channels, which use timing features of transmitted packets to modulate covert information, the appropriate encoding schema is very important. In this paper, a hybrid encoding schema is proposed through combining "the inter-pac...
Robust and Undetectable Covert Timing Channels for i.i.d. Traffic
Covert timing channels exploit inter-packet delays in network traffic to transmit secret messages. The two most important design goals are undetectability (the covert channel has to remain hidden to a potential adversary that is monitoring the inter-packet delay pattern) and robustness (messages can be decoded correctly even in presence of (maliciously) injected noise). In previous proposals un...
Mimic: An active covert channel that evades regularity-based detection
To counter the threat of leaks of sensitive and mission-critical information, high-security facilities employ multi-level security mechanisms in which information flows are prevented from high-security systems to lower-security systems. For networks, this includes the monitoring of all incoming and outgoing traffic, high-grade encryption for all data communication, intrusion detection systems, ...
Network Packet Length Covert Channel Based on Empirical Distribution Function
Network packet length covert channel modulates secret message bits onto the packet lengths to transmit secret messages. In this paper, a novel network packet length covert channel is proposed. The proposed scheme is based on the empirical distribution function of packet length series of legitimate traffic. Different from the existing schemes, the lengths of packets which are generated by the co...
Liquid: A detection-resistant covert timing channel based on IPD shaping
Covert timing channels provide a way to surreptitiously leak information from an entity in a higher-security level to an entity in a lower level. The difficulty of detecting or eliminating such channels makes them a desirable choice for adversaries that value stealth over throughput. When one considers the possibility of such channels transmitting information across network boundaries, the thre...