Abstract

Cyber-attacks cause losses amounting to billions of dollars every year due to data breaches and vulnerabilities. Existing tools for data leakage prevention and detection are often bypassed using sophisticated techniques, such as network steganography, to steal data. This is due to several weaknesses in existing detection systems that a threat actor can exploit. The weaknesses are high time and memory training complexities as well as large training datasets. These challenges become worse as the amount of data generated increases every second in many realms. In addition, the number of false positives is high, which makes these systems inaccurate. Finally, there is a lack of a framework catering to needs such as raising alerts, data monitoring, and updating/adapting the threshold value used for checking data packets for covert data. To overcome these weaknesses, this paper proposes a novel framework that includes elements such as continuous data monitoring, threshold maintenance, and alert notification. This paper also proposes a model based on statistical measures to detect covert data leakages, especially for non-linear chaotic data. The main advantage of the proposed model is its capability to provide results with tolerance/threshold values much more efficiently. Experiments indicate that the proposed framework has low false positives and outperforms various existing techniques in terms of accuracy and efficiency.

Highlights

  • The rapid expansion of Information and Communication Technologies (ICTs) and highly interconnected critical infrastructures have created various cyber security threats and challenges

  • The existing research has shown that covert channels are divided into three major categories, i.e., covert timing channels, covert storage channels and covert network channels [12]

  • The Hypertext Transfer Protocol (HTTP) and TCP/Internet Protocol (IP) protocols are linked to known types of covert network channels


Summary

INTRODUCTION

The rapid expansion of Information and Communication Technologies (ICTs) and highly interconnected critical infrastructures have created various cyber security threats and challenges.

Nafea et al.: Efficient Non-Linear Covert Channel Detection in TCP Data Streams

the classification of complex datasets. These overcome some shortcomings of the pattern-based approaches by improving the ability to cope with incomplete datasets and offering insights into latent information within the datasets. Statistical approaches do offer some degree of effectiveness, but again, similar to machine-learning-based approaches, they fail due to the chaotic nature of non-linear data being leaked via packet headers [10]. Overall, this makes it difficult for existing techniques to differentiate between normal data and the data masked to appear as normal data.

AND RELATED WORK
PROPOSED STATISTICAL ALGORITHM FOR COVERT CHANNEL DETECTION
PROPOSED STATISTICAL THRESHOLD CREATION ALGORITHM
PROPOSED STATISTICAL ALGORITHM FOR QUANTIFICATION OF OUTLIERS
VIII. CONCLUSION