Performance Analysis of Real-Time Covert Timing Channel Detection Using a Parallel System

“…• In addition to confirming the CCE test's effectiveness, we achieve higher rates compared to previous real-time detection experiments [4]. We achieve close to 10 Gbps using medium-sized packets.…”

“…Regularity tests represent higher order statistics, such as conditional entropy [5]. Different detection tests will be effective depending on the channel type [4]. IPCTCs alter both traffic shape and regularity, allowing detection by a variety of tests.…”

“…This can allow harmful exploits such as controlling botnets or leaking private data [4]. In this work, we will focus on detecting network covert timing channels, which function by encoding data inside the inter-packet delays (IPDs) of a network flow.…”

“…Since the test scores for each flow are independent, a GPU can process many flows in parallel. Furthermore, the GPU can also perform the tests on individual flows in parallel, allowing real-time usage of more complex and effective detection tests such as the corrected conditional entropy of the IPD sequence, which could not be included in our previous CTC detection experiments [4].…”

“…Although previous work shows that the first-order entropy alone can be somewhat effective for detection, the false positive rate is still high [4]. A more effective detection method requires calculating the corrected conditional entropy (CCE), which is the conditional entropy calculation plus a corrective term accounting for the number of unique subsequences in the sample.…”

Real-time GPU-based timing channel detection using entropy

“…• In addition to confirming the CCE test's effectiveness, we achieve higher rates compared to previous real-time detection experiments [4]. We achieve close to 10 Gbps using medium-sized packets.…”

“…Regularity tests represent higher order statistics, such as conditional entropy [5]. Different detection tests will be effective depending on the channel type [4]. IPCTCs alter both traffic shape and regularity, allowing detection by a variety of tests.…”

“…This can allow harmful exploits such as controlling botnets or leaking private data [4]. In this work, we will focus on detecting network covert timing channels, which function by encoding data inside the inter-packet delays (IPDs) of a network flow.…”

“…Since the test scores for each flow are independent, a GPU can process many flows in parallel. Furthermore, the GPU can also perform the tests on individual flows in parallel, allowing real-time usage of more complex and effective detection tests such as the corrected conditional entropy of the IPD sequence, which could not be included in our previous CTC detection experiments [4].…”

“…Although previous work shows that the first-order entropy alone can be somewhat effective for detection, the false positive rate is still high [4]. A more effective detection method requires calculating the corrected conditional entropy (CCE), which is the conditional entropy calculation plus a corrective term accounting for the number of unique subsequences in the sample.…”

Real-time GPU-based timing channel detection using entropy