Off-campus UNL users: To download campus access dissertations, please use the following link to log into our proxy server with your NU ID and password. When you are done browsing please remember to return to this page and log out.
Non-UNL users: Please talk to your librarian about requesting this dissertation through interlibrary loan.
A Novel Approach towards Real-Time Covert Timing Channel Detection
Abstract
Today’s world of data communication and networks has become, and will continue to be, an inevitable part of people’s lives. Communication technologies, network resources, and Internet services can be exploited for legitimate purposes, as well as nefarious purposes such as distributing malicious data and leaking sensitive information. One of the ways of abusing network resources is known as a covert channel, which is a hidden pathway between two specific endpoints that can communicate legitimately. The covert channel established by modifying Inter Packet Delays (IPDs) of network traffic is called the Covert Timing Channel (CTC). In general, covert communication poses a grave threat to networks and the Internet and needs be detected. Among various types of covert channels, detecting CTCs is more challenging and demanding. The vast majority of existing CTC detection approaches are able to detect a specific covert communication approach while also failing to detect a very similar CTC method. In addition, the existing CTC detection methods require extensive prior knowledge about past network traffic statistics in order to distinguish between overt and covert traffic. To address these limitations, we propose a novel approach to detect CTC activities based on the IPD distributions of network traffic. We present and leverage four different non-parametric statistical tests that can be utilized to generate very different statistical test scores for overt and covert traffic IPDs. Our new detection approach is designed around three major benefits. First, the new detection approach can detect various CTC algorithms that have similar impact on network traffic IPD distribution. Second, this technique is a real-time CTC detection, which can be applied to online network traffic. Last but not least, our detection approach reliably detects covert communication over online network traffic with minimal lag between the start of covert activity and the point of detection. We evaluated and verified the reliability and effectiveness of our detection approach utilizing a large number of overt and covert traffic streams and various scenarios. The obtained results show that the new detection approach can precisely differentiate between overt and covert network traffic and detect covert communication activities over 90% of the time.
Subject Area
Computer Engineering|Electrical engineering
Recommended Citation
Rezaei, Fahimeh, "A Novel Approach towards Real-Time Covert Timing Channel Detection" (2015). ETD collection for University of Nebraska-Lincoln. AAI3718719.
https://digitalcommons.unl.edu/dissertations/AAI3718719