Abstract
Covert timing channels (CTCs) are a technique for leaking information. CTCs modify only the sequence of inter-arrival times (IATs) between packets; consequently, traditional network security mechanisms such as firewalls and proxies cannot effectively detect them. If CTCs are used maliciously by criminals, they pose a great threat to network security. Classic CTC detection methods, such as the KS-test and the entropy test, not only have less universality and robustness but also require more sampled IATs to detect CTCs; how to improve the performance of CTC detection methods has therefore become a popular research topic in recent years. In this paper, a new CTC detection method based on time series symbolization is proposed. It first converts the sampled IATs to a symbolic time series and regards each discrete value as a status. It then counts the number of transitions from each status to each status and calculates the status transition probability matrix (STPM). Finally, it determines the label (overt or covert) of the sampled IATs by calculating a similarity score. Experimental results on detection accuracy show that, in an ideal network environment, our method performs better than the classic methods, with an average accuracy of about 96%. Our method also performs better in the presence of network interference.
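The pipeline outlined in the abstract (symbolize, count transitions, build the STPM, score similarity) can be sketched as follows. This is an added example, not the paper's code: quantile binning, cosine similarity against an STPM learned from known-overt traffic, the 0.8 threshold, and all sample traffic are assumptions made here for illustration.

```python
import math
import random

def quantile_edges(reference, k):
    """k-1 cut points at equal-probability quantiles of known-overt IATs."""
    s = sorted(reference)
    return [s[len(s) * i // k] for i in range(1, k)]

def symbolize(iats, edges):
    """Replace each IAT by the index of its bin; each index is one status."""
    return [sum(x > e for e in edges) for x in iats]

def stpm(symbols, k):
    """Count status-to-status transitions and row-normalise the counts."""
    counts = [[0] * k for _ in range(k)]
    for a, b in zip(symbols, symbols[1:]):
        counts[a][b] += 1
    # A status that never occurs keeps an all-zero row.
    return [[c / max(sum(row), 1) for c in row] for row in counts]

def similarity(p, q):
    """Cosine similarity of the two flattened matrices (assumed score)."""
    a = [v for row in p for v in row]
    b = [v for row in q for v in row]
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return sum(x * y for x, y in zip(a, b)) / norm if norm else 0.0

def label(iats, ref, edges, k, threshold=0.8):
    """Return ('overt'|'covert', score) for one window of sampled IATs."""
    score = similarity(stpm(symbolize(iats, edges), k), ref)
    return ("overt" if score >= threshold else "covert"), score

# Constructed sample data (milliseconds), fixed seed for repeatability.
rng = random.Random(7)
K = 4
overt_train = [rng.expovariate(1 / 40.0) for _ in range(2000)]
overt_test = [rng.expovariate(1 / 40.0) for _ in range(500)]
# Constructed covert window: every gap is one of two delays plus jitter.
covert_test = [rng.choice((20.0, 80.0)) + rng.uniform(-2, 2) for _ in range(500)]

EDGES = quantile_edges(overt_train, K)
REF = stpm(symbolize(overt_train, EDGES), K)

if __name__ == "__main__":
    for name, window in (("overt", overt_test), ("covert", covert_test)):
        print(name, label(window, REF, EDGES, K))
```

In the constructed covert window only two statuses ever occur, so most STPM rows stay empty and the score against the overt reference drops well below the threshold.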
Highlights
The concept of the covert channel was first proposed by B
Classic detection methods against CTCs can be divided into three categories: statistical-based methods [8]-[9], entropy-based methods [10], and machine learning methods [11]-[14]
To overcome the above-mentioned shortcomings, we propose a new CTC detection method based on time series symbolization
Summary
The concept of the covert channel was first proposed by B. We summarize the shortcomings of the above methods: 1) Less universality: some of these methods can only detect a few specific types of CTCs. 2) Low real-time performance: these methods require more sampled IATs, resulting in the inability to detect CTCs. To overcome the above-mentioned shortcomings, we propose a new CTC detection method based on time series symbolization. We set up a series of experiments to evaluate our method's detection accuracy in comparison with classic detection methods. We summarize our work and outline our future work.