Covert Channel Detection Using Machine Learning

Cavusoglu I. G., ALEMDAR H., ONUR E.

28th Signal Processing and Communications Applications Conference (SIU), ELECTR NETWORK, 5 - 07 October 2020 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/siu49456.2020.9302098
  • Keywords: Covert Channel, Covert Channel Detection, Machine Learning, Decision Tree
  • Middle East Technical University Affiliated: Yes


A covert channel is a communication method that misuses legitimate resources to bypass intrusion detection systems. They can be used to do illegal work like leaking classified (or sensitive) data or sending commands to malware bots. Network timing channels are a type of these channels that use inter-arrival times between network packets to encode the data to be sent. In this study, we worked with two types of network covert channels: Fixed Interval and Jitterbug. We were able to distinguish these channels from legitimate ones by using decision trees that use four statistical features (mean, variance, skewness, and kurtosis).