Starten Sie Ihre Suche...


Durch die Nutzung unserer Webseite erklären Sie sich damit einverstanden, dass wir Cookies verwenden. Weitere Informationen

Weaknesses of popular and recent covert channel detection methods and a remedy

IEEE Transactions on Dependable and Secure Computing. Bd. 20. H. 6. Institute of Electrical and Electronics Engineers (IEEE) 2023 S. 5156 - 5157

Erscheinungsjahr: 2023

Publikationstyp: Zeitschriftenaufsatz

Sprache: Englisch

Doi/URN: 10.1109/tdsc.2023.3241451

Volltext über DOI/URN

GeprüftBibliothek

Inhaltszusammenfassung


Network covert channels are applied for the secret exfiltration of confidential data, the stealthy operation of malware, and legitimate purposes, such as censorship circumvention. In recent decades, some major detection methods for network covert channels have been developed. In this paper, we investigate two highly cited detection methods for covert timing channels, namely ϵ-similarity and compressibility score from Cabuk et al. (jointly cited by 930 papers and applied by thousands of resear...Network covert channels are applied for the secret exfiltration of confidential data, the stealthy operation of malware, and legitimate purposes, such as censorship circumvention. In recent decades, some major detection methods for network covert channels have been developed. In this paper, we investigate two highly cited detection methods for covert timing channels, namely ϵ-similarity and compressibility score from Cabuk et al. (jointly cited by 930 papers and applied by thousands of researchers). We additionally analyze two recent ML-based detection methods: GAS (2022) and SnapCatch (2021). While all these detection methods must be considered valuable for the analysis of typical covert timing channels, we show that these methods are not reliable when a covert channel's behavior is slightly modified. In particular, we demonstrate that when confronted with a simple covert channel that we call ϵ-κlibur, all detection methods can be circumvented or their performance can be significantly reduced although the covert channel still provides a high bitrate. In comparison to previous timing channels that circumvent these methods, ϵ-κlibur is much simpler and eliminates the need of altering previously recorded traffic. Moreover, we propose an enhanced ϵ -similarity that can detect the classical covert timing channel as well as ϵ-κlibur.» weiterlesen» einklappen

  • Covert Channel
  • verdeckter Kanal
  • Information Hiding
  • Steganography
  • Steganografie
  • Network Security
  • Anomaly Detection
  • GAS
  • SnapCatch
  • IT-Sicherheit
  • Netzwerksicherheit
  • Cyber Security

Klassifikation


DFG Fachgebiet:
Informatik

DDC Sachgruppe:
Informatik

Verbundene Forschungsprojekte



Verknüpfte Personen


Steffen Wendzel