Towards Optimized TCP/IP Covert Channels Detection, IDS and Firewall Integration

Hammouda, Senda; Maalej, L.; Trabelsi, Zouheir

doi:10.1109/ntms.2008.ecp.101

Cited by 11 publications

(7 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most studies on the detection of storage covert channels were tested with a single popular tool (e.g. Covert-TCP), [47], [48], [51], [49] [42], [52], [53] with captured traffic [45], [46], [44], [48] or with a personalized developed tool for the purpose of research work [47]. The authors of this paper propose a detection concept that uses ML with 3 different algorithms, which are not based on own particular developed techniques but on popular tools instead.…”

Section: Fundamentals and Related Workmentioning

confidence: 99%

Detecting Selected Network Covert Channels Using Machine Learning

Chourib

2019

2019 International Conference on High Performance Computing &Amp; Simulation (HPCS)

View full text Add to dashboard Cite

Network covert channels break a computer's security policy to establish a stealthy communication. They are a threat being increasingly used by malicious software. Most previous studies on detecting network covert channels using Machine Learning (ML) were tested with a dataset that was created using one single covert channel tool and also are ineffective at classifying covert channels into patterns. In this paper, selected ML methods are applied to detect popular network covert channels. The capacity of detecting and classifying covert channels with high precision is demonstrated. A dataset was created from nine standard covert channel tools and the covert channels are then accordingly classified into patterns and labelled. Half of the generated dataset is used to train three different ML algorithms. The remaining half is used to verify the algorithms' performance. The tested ML algorithms are Support Vector Machines (SVM), k-Nearest Neighbors (k-NN) and Deep Neural Networks (DNN). The k-NN model demonstrated the highest precision rate at 98% detection of a given covert channel and with a low false positive rate of 1%.

show abstract

Section: Fundamentals and Related Workmentioning

confidence: 99%

Detecting Selected Network Covert Channels Using Machine Learning

Chourib

2019

2019 International Conference on High Performance Computing &Amp; Simulation (HPCS)

View full text Add to dashboard Cite

show abstract

“…This explains why detection of covert communication is considered a big issue that faces security systems. Moreover, covert channels are not only used for the exchange of hidden information but could be exploited to pass malicious messages [2], Trojans, viruses, etc. in ways that couldn't be detected by common firewalls or detection systems.…”

Section: Introductionmentioning

confidence: 99%

“…Commonly, it is known that covert channels cannot be fully eliminated [3,4]. But there is a possibility that they could be reduced through careful analysis and design [2].…”

Section: Introductionmentioning

confidence: 99%

Survey on Covert Storage Channel in Computer Network Protocols Detection and Mitigation Techniques

Elsadig¹,

Fadlalla²

2016

Fourth International Conference on Advances in Information Processing and Communication Technology - IPCT 2016

View full text Add to dashboard Cite

Due to the rapid growth in number of different protocols over the internet, internet protocols have become an ideal vehicle for covert communications. They represent a high bandwidth for such communications. Moreover, new highspeed network technology has significantly amplified the network's covert channel capacity. Certainly, a covert channel bandwidth of only one bit size can easily allow transmission of a system bin code which can lead to tremendous risk. This paper presents a brief overview of network protocols-based covert channels, and surveys some recent and relevant work on covert channels detection and elimination techniques along with their achievements and limitations. In sum, the covert channel countermeasures-detection, elimination, mitigation, and capacity reduction-are still real challenges and lag behind an acceptable level of network security. Therefore, the research door is wide open for more contributions in this field.

show abstract

“…In the past few years, a wide variety of enumerationresistant distribution strategies [6], [7], [8], [9] were proposed and adopted by practical systems like Tor, JAP, etc. On the other hand, though traffic analysis-resistant technologies like encryption, protocol obfuscation [10], covert communication [11] are adopted in the communication between users and the access points, there still exists a possibility for the adversary to detect the communication between them [12], [13], [14], [15]. Once the connection is detected, the adversary can interrupt it and prevent any future connection attempts to the access point.…”

Section: Introductionmentioning

confidence: 99%

A Moving Target Framework to Improve Network Service Accessibility

Shi

Wang

Fang

et al. 2014

2014 9th IEEE International Conference on Networking, Architecture, and Storage

View full text Add to dashboard Cite

Nowadays, the problem of Internet services accessibility has become a hot topic with more and more cyber attacks and censorship. This has prompted the rapid development of jamming-resistance infrastructure consisting of multiple dynamic access points such as proxies, anonymous communication nodes and covert communication nodes. However, the channel between user and access point has become an emerging attacking target for the adversary. Once the channel is detected and identified by the adversary, the channel will be interrupted. Though users can require new access points from the infrastructure and resume the communication to their destination, the service quality will be downgraded dramatically due to the time-consuming bootstrapping process. In this paper, a moving target framework is proposed to improve the network service accessibility, which combines both time-consuming bootstrapping and frequent and low-cost channel refreshing operations. The constant channel refreshing operations is imported to limit the adversary's ability of detecting and blocking communications, thus to make the lifespan of effective communication longer. With theoretical and simulating analysis, the optimized refreshing strategy is proposed, which can help improve service accessibility.

show abstract

Towards Optimized TCP/IP Covert Channels Detection, IDS and Firewall Integration

Cited by 11 publications

References 5 publications

Detecting Selected Network Covert Channels Using Machine Learning

Detecting Selected Network Covert Channels Using Machine Learning

Survey on Covert Storage Channel in Computer Network Protocols Detection and Mitigation Techniques

A Moving Target Framework to Improve Network Service Accessibility

Contact Info

Product

Resources

About