“…• In addition to confirming the CCE test's effectiveness, we achieve higher rates compared to previous real-time detection experiments [4]. We achieve close to 10 Gbps using medium-sized packets.…”
Section: Introduction (supporting)
confidence: 74%
“…Regularity tests represent higher order statistics, such as conditional entropy [5]. Different detection tests will be effective depending on the channel type [4]. IPCTCs alter both traffic shape and regularity, allowing detection by a variety of tests.…”
Section: A Detection Methods (mentioning)
confidence: 99%
“…This can allow harmful exploits such as controlling botnets or leaking private data [4]. In this work, we will focus on detecting network covert timing channels, which function by encoding data inside the inter-packet delays (IPDs) of a network flow.…”
Section: Timing Channels and Detection (mentioning)
confidence: 99%
“…Since the test scores for each flow are independent, a GPU can process many flows in parallel. Furthermore, the GPU can also perform the tests on individual flows in parallel, allowing real-time usage of more complex and effective detection tests such as the corrected conditional entropy of the IPD sequence, which could not be included in our previous CTC detection experiments [4].…”
Section: Introduction (mentioning)
confidence: 99%
“…Although previous work shows that the first-order entropy alone can be somewhat effective for detection, the false positive rate is still high [4]. A more effective detection method requires calculating the corrected conditional entropy (CCE), which is the conditional entropy calculation plus a corrective term accounting for the number of unique subsequences in the sample.…”
Abstract: As line rates continue to grow, network security applications such as covert timing channel (CTC) detection must utilize new techniques for processing network flows in order to protect critical enterprise networks. GPU-based packet processing provides one means of scaling the detection of CTCs and other anomalies in network flows. In this paper, we implement a GPU-based detection tool, capable of detecting model-based covert timing channels (MBCTCs). The GPU's ability to process a large number of packets in parallel enables more complex detection tests, such as the corrected conditional entropy (CCE) test, a modified version of the conditional entropy measurement, which has a variety of applications outside of covert channel detection. In our experiments, we evaluate the CCE test's true and false positive detection rates, as well as the time required to perform the test on the GPU. Our results demonstrate that GPU packet processing can be applied successfully to perform real-time CTC detection at near 10 Gbps with high accuracy.