Journal Title : International Journal of Modern Trends in Engineering and Science
Paper Title : AN EFFECTIVE COVERT TIMING CHANNELS DETECTION: SUPPORT VECTOR MACHINE & HYPERBOLIC HOPFIELD NEURAL NETWORK
Volume 03 Issue 11 2016
ISSN no: 2348-3121
Page no: 19-21
Abstract – A network covert channel is a mechanism that can be used to leak information across a network in violation of a security policy and in a manner that can be difficult to detect. Detecting and preventing covert channels is particularly important for multilevel security systems, in which processes working with classified information may leak information to processes with a lower classification level via the use of shared resources. Many generic mechanisms can be used to detect a large variety of covert channels. However, those mechanisms have limitations such as speed of detection, detection accuracy, etc. In this project, a novel machine learning approach based on a Support Vector Machine and a Hyperbolic Hopfield Neural Network is used to classify covert channel data packets. The proposed approach is divided into two phases: Support Vector Machine training and covert channel prediction. Finally, we show that the proposed method is an effective approach to detecting covert channels in shared network resources.
Keywords— Covert Channels; Detection; Machine Learning; Traffic Fingerprints