
A Case Study on the Detection of Hash-Chain-based Covert Channels Using Heuristics and Machine Learning

Proceedings of the 19th International Conference on Availability, Reliability and Security. New York: ACM 2024, pp. 1 - 10

Year of publication: 2024

Publication type: Book chapter (conference paper)

Language: English

DOI/URN: 10.1145/3664476.3670877

Verified: Library

Abstract


Reversible network covert channels restore the original carrier object before forwarding it to the overt receiver, making them a security threat that is hard to detect. Some of these covert channels utilize computationally intensive operations, such as the calculation of cryptographic hashes. This paper proposes utilizing shape analysis of packet runtime distributions to detect such computationally intensive covert channels. To this end, we simulated the latency of covert channel-modified traffic by adding mock hash-reconstruction delays to runtimes of legitimate ping traffic. After qualitatively observing the changes in the empirical probability distribution between modified and natural traffic, we investigated machine learning algorithms for their ability to detect such covert channels. Our results show that a decision tree-based AdaBoost classifier and a CNN using the investigated statistical measures as input vector are able to classify sets of 50 ping measurements with high accuracy. Our approach is superior to previous work on the detection of computationally intensive covert channels as it requires smaller sampling window sizes, achieves significantly higher detection rates, and thus makes detection more reliable with less preparation.

Authors


Schymiczek, Jeff (Author)
Schmidbauer, Tobias (Author)

Classification


DFG subject area:
Computer Science

DDC subject group:
Computer Science
