Covert Channel Detection Using Machine Learning


Cavusoglu I. G., ALEMDAR H., ONUR E.

28th Signal Processing and Communications Applications Conference (SIU), ELECTR NETWORK, 5 - 07 October 2020

  • Publication Type: Conference Paper / Full-Text Paper
  • DOI Number: 10.1109/siu49456.2020.9302098
  • Country of Publication: ELECTR NETWORK
  • Keywords: Covert Channel, Covert Channel Detection, Machine Learning, Decision Tree
  • Affiliated with Middle East Technical University (Orta Doğu Teknik Üniversitesi): Yes

Abstract

A covert channel is a communication method that misuses legitimate resources to bypass intrusion detection systems. Such channels can be used to do illegal work like leaking classified (or sensitive) data or sending commands to malware bots. Network timing channels are one type of covert channel; they use inter-arrival times between network packets to encode the data to be sent. In this study, we worked with two types of network covert channels: Fixed Interval and Jitterbug. We were able to distinguish these channels from legitimate ones by using decision trees that use four statistical features (mean, variance, skewness, and kurtosis).