Journal Article Details
IEEE Access, Volume 9
SnapCatch: Automatic Detection of Covert Timing Channels Using Image Processing and Machine Learning
Shorouq Al-Eidi [1], Ghaith Husari [1], Yuanzhu Chen [2], Omar Darwish [3]
[1] Computer Science Department, Memorial University of Newfoundland, St. John's, NL, Canada;
[2] Computer Technology and Information System Department, Ferrum College, Ferrum, VA, USA;
Keywords: Covert timing channels; detection; entropy; image processing; machine learning
DOI: 10.1109/ACCESS.2020.3046234
Source: DOAJ
【Abstract】

With the rapid growth of data exfiltration carried out by cyber attacks, Covert Timing Channels (CTC) have become an imminent network security risk that continues to grow in both sophistication and utilization. These types of channels utilize inter-arrival times to steal sensitive data from the targeted networks. CTC detection relies increasingly on machine learning techniques, which utilize statistical-based metrics to separate malicious (covert) traffic flows from the legitimate (overt) ones. However, given the efforts of cyber attacks to evade detection and the growing column of CTC, covert channel detection needs to improve in both performance and precision to detect and prevent CTCs and mitigate the reduction of the quality of service caused by the detection process. In this article, we present an innovative image-based solution for fully automated CTC detection and localization. Our approach is based on the observation that the covert channels generate traffic that can be converted to colored images. Leveraging this observation, our solution is designed to automatically detect and locate the malicious part (i.e., set of packets) within a traffic flow. By locating the covert parts within traffic flows, our approach reduces the drop of the quality of service caused by blocking the entire traffic flows in which covert channels are detected. We first convert traffic flows into colored images, and then we extract image-based features for detecting covert traffic. We train a classifier using these features on a large data set of covert and overt traffic. This approach demonstrates a remarkable performance, achieving a detection accuracy of 95.83% for cautious CTCs and a covert traffic accuracy of 97.83% for 8-bit covert messages, which is way beyond what the popular statistical-based solutions can achieve.

【License】

Unknown   
