Covert timing channel detection method based on time interval and payload length analysis

2020, Vol 97, pp. 101952
Author(s): Jiaxuan Han, Cheng Huang, Fan Shi, Jiayong Liu

2020, Vol 26 (4), pp. 255-266
Author(s): Mehrdad Nasseralfoghara, HamidReza Hamidi

The application nature of the HTTP protocol allows the creation of a covert timing channel based on different features of this protocol (or different levels), which has not been addressed in previous research. In this article, an entropy-based detection method was designed and implemented. The attacker can adjust the amount of channel entropy by controlling measures such as changing the channel's level or creating noise on the channel to protect it from the analyzer's detection. As a result, the entropy threshold for detection is not always constant. By comparing the entropy from different levels of the channel and the analyzer, we concluded that the analyzer must investigate traffic at all possible levels. We also illustrated that making noise on a covert channel decreases its capacity, but as entropy increases, the channel becomes harder to detect.


2013, Vol 32 (6), pp. 1636-1639
Author(s): Xing-xing GUAN, Chang-da WANG, Zhi-guo LI, Zhao-jun BO
