A Case Study on the Detection of Hash-Chain-based Covert Channels Using Heuristics and Machine Learning
Proceedings of the 19th International Conference on Availability, Reliability and Security. New York: ACM 2024 S. 1 - 10
Erscheinungsjahr: 2024
Publikationstyp: Buchbeitrag (Konferenzbeitrag)
Sprache: Englisch
Doi/URN: 10.1145/3664476.3670877
Geprüft | Bibliothek |
Inhaltszusammenfassung
Reversible network covert channels restore the original carrier object before forwarding it to the overt receiver, drawing them a security threat hard to detect. Some of these covert channels utilize computational intensive operations, such as the calculation of cryptographic hashes. This paper proposes utilizing shape analysis of packet runtime distributions to detect such computational intensive covert channels. To this end, we simulated the latency of covert channel-modified traffic by add...Reversible network covert channels restore the original carrier object before forwarding it to the overt receiver, drawing them a security threat hard to detect. Some of these covert channels utilize computational intensive operations, such as the calculation of cryptographic hashes. This paper proposes utilizing shape analysis of packet runtime distributions to detect such computational intensive covert channels. To this end, we simulated the latency of covert channel-modified traffic by adding mock hash-reconstruction delays to runtimes of legitimate ping traffic. After qualitatively observing the changes in the empirical probability distribution between modified and natural traffic, we investigated machine learning algorithms for their ability to detect such covert channels. Our results show that a decision tree-based AdaBoost classifier and a CNN using the investigated statistical measures as input vector are able to classify sets of 50 ping measurements with high accuracy. Our approach is superior over previous work on the detection of computational intensive covert channels as it requires smaller sampling window sizes, achieves significantly higher detection rates, and thus draws detection more reliable with fewer preparation.» weiterlesen» einklappen
Klassifikation
DFG Fachgebiet:
Informatik
DDC Sachgruppe:
Informatik
Verknüpfte Personen
- Steffen Wendzel
- ehemaliger Wissenschaftlicher Leiter
(Zentrum für Technologie und Transfer | ZTT)