Paper Info
Title
Model-Based Covert Timing Channels: Automated Modeling and Evasion
Abstract
The exploration of advanced covert timing channel design is important to understand and defend against covert timing channels. In this paper, we introduce a new class of covert timing channels, called model-based covert timing channels, which exploit the statistical properties of legitimate network traffic to evade detection in an effective manner. We design and implement an automated framework for building model-based covert timing channels. Our framework consists of four main components: filter, analyzer, encoder, and transmitter. The filter characterizes the features of legitimate network traffic, and the analyzer fits the observed traffic behavior to a model. Then, the encoder and transmitter use the model to generate covert traffic and blend with legitimate network traffic. The framework is lightweight, and the overhead induced by model fitting is negligible. To validate the effectiveness of the proposed framework, we conduct a series of experiments in LAN and WAN environments. The experimental results show that model-based covert timing channels provide a significant increase in detection resistance with only a minor loss in capacity.
Year
DOI
Venue
2008
10.1007/978-3-540-87403-4_12
RAID
Keywords
Field
DocType
automated framework,detection resistance,model fitting,observed traffic behavior,proposed framework,advanced covert timing channel,model-based covert timing channel,model-based covert timing channels,automated modeling,covert timing channel,legitimate network traffic,covert traffic
Transmitter,Computer science,Computer security,Communication channel,Covert,Real-time computing,Exploit,Building model,Encoder,Spectrum analyzer
Conference
Volume
ISSN
Citations 
5230
0302-9743
60
PageRank 
References 
Authors
2.15
18
4
Name
Order
Citations
PageRank
Steven Gianvecchio158326.81
Haining Wang22574160.07
Duminda Wijesekera31464141.54
Sushil Jajodia493751839.16