A Protocol Independent Approach in Network Covert Channel Detection
Title | A Protocol Independent Approach in Network Covert Channel Detection |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Ayub, Md. Ahsan, Smith, Steven, Siraj, Ambareen |
Conference Name | 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC) |
Date Published | Aug. 2019 |
Publisher | IEEE |
ISBN Number | 978-1-7281-1664-8 |
Keywords | composability, compositionality, covert channel communication, covert channels, Decision Tree, DNS, DNS protocols, feature extraction, generic detection model, IP networks, IP protocols, IPv4, k-nearest neighbors, Kernel, logistic regression, Logistics, machine learning, network covert channel, network storage covert channel detection, network traffic dataset, protocol independent approach, protocol-independent approach, Protocols, pubcrawl, resilience, Resiliency, Scalability, stealth tunnels, supervised learning, supervised machine learning technique, support vector machine (SVM), Support vector machines, TCP, TCP protocols, telecommunication computing, telecommunication traffic, wireless channels |
Abstract | Network covert channels are used in various cyberattacks, including disclosure of sensitive information and enabling stealth tunnels for botnet commands. With time and technology, covert channels are becoming more prevalent, complex, and difficult to detect. The current methods for detection are protocol and pattern specific. This requires the investment of significant time and resources into application of various techniques to catch the different types of covert channels. This paper reviews several patterns of network storage covert channels, describes generation of network traffic dataset with covert channels, and proposes a generic, protocol-independent approach for the detection of network storage covert channels using a supervised machine learning technique. The implementation of the proposed generic detection model can lead to a reduction of necessary techniques to prevent covert channel communication in network traffic. The datasets we have generated for experimentation represent storage covert channels in the IP, TCP, and DNS protocols and are available upon request for future research in this area. |
URL | https://ieeexplore.ieee.org/document/8919567 |
DOI | 10.1109/CSE/EUC.2019.00040 |
Citation Key | ayub_protocol_2019 |