Abstract
Covert timing channels (CTCs) are defined as a mechanism that embeds covert information into network traffic. In a manner, information leakage caused by CTCs brings serious threat to network security. In recent years, detection of CTCs is a focus and a challenging task in the field of covert channel research. However, existing detection schemes based on statistical methods have poor performance in detecting multiple CTCs, and require so many inter-arrival times of packets that these schemes cannot detect CTCs in real time. In this paper, we propose a novel deep learning approach for CTCs detection, namely, covert timing channels detection based on auxiliary classifier generative adversarial network (CD-ACGAN). The network structure and loss function of CD-ACGAN are designed to be suitable for CTCs detection task. We first encode traffic flows into single-channel Gramian Angular Field (GAF) images. Then we use CD-ACGAN to learn features from GAF images and predict the classes of CTCs. Our experimental results show that our approach has high accuracy and strong robustness in detecting various CTCs.
Highlights
A covert channel is a communication technology that violates restriction rules for covert information transmission on the Internet [1]
Depending on the different construction mechanisms, existing network covert channels are mainly divided into two categories: covert storage channels (CSCs) and covert timing channels (CTCs)
The new classification model we developed is named CTCs detection based on Auxiliary classifier generative adversarial network (ACGAN) (CD-ACGAN)
Summary
A covert channel is a communication technology that violates restriction rules for covert information transmission on the Internet [1]. Covert channels have better concealment compared with other stealing technology. Traditional network security measures methods, such as firewall, virus killing, and intrusion detection, cannot detect and defend the transmission of covert information [2]. Due to the good concealment, covert channels have brought serious threat to the security of user privacy, military secrets, and national cyberspace. Depending on the different construction mechanisms, existing network covert channels are mainly divided into two categories: covert storage channels (CSCs) and covert timing channels (CTCs). CSCs use some fields in the network packet to encode covert information for transmission. CTCs transmit covert information by manipulating inter-arrival times of packets. We present the construction and detection of CTCs. Most of the construction schemes are based on inter-arrival times of packets.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
