HTTP Cookie Covert Channel Detection Based on Session Flow Interaction Features

Authors

Abstract

HTTP cookie covert channel is a communication method that encodes malicious information in cookie fields to escape regulatory audits. It is difficult to detect this kind of covert channel according to the content because cookie fields are mainly encoded in custom modes. To effectively identify the HTTP cookie covert channel, this paper proposes a detection method based on the interaction features of the session flow. First, we split the session flow into fine-grained “interaction process” subflows to comprehensively describe the interaction process of the HTTP cookie. Then, we compare and analyze the differences between covert channels and normal communications in the interaction process, design three types of 7-dimensional interaction features, and build a detection model combined with a machine learning algorithm. Experimental results show that our method can effectively detect HTTP cookie covert channels, and the detection rate can reach 99%. We also prove that our method has advantages in stability and time performance compared with existing methods through experiment analysis. In addition, our method has certain practicability in a simulation environment with imbalanced data.

Similar resources

Covert Channel in HTTP User-Agents

A subliminal covert channel establishes a nearly undetectable communication session within a pre-established data stream between two separate entities. This document explains how HTTP can be utilized to facilitate a covert channel over both local and wide area networks. The Hypertext Transfer Protocol (HTTP) accounts for a majority of the Internet’s daily web traffic and is permitted within almo...

Covert Channel Detection and Analysis System Based on Data Mining

Covert channels and tunneling approaches are becoming a severe threat to information security. Penetration tools are employed to transit sensitive information through authorized streams. Since many current solutions are based on expert’s experiences or latter-wit, a self-learning detection and analysis system is starved for. A data mining framework for Covert Channel Detection and Analysis Syst...

An automatic HTTP cookie management system

HTTP cookies have been widely used for maintaining session states, personalizing, authenticating, and tracking user behaviors. Despite their importance and usefulness, cookies have raised public concerns on Internet privacy because they can be exploited by third-parties to track user behaviors and build user profiles. In addition, stolen cookies may also incur severe security problems. However,...

New Covert Channels in HTTP

This paper presents new methods enabling anonymous communication on the Internet. We describe a new protocol that allows us to create an anonymous overlay network by exploiting the web browsing activities of regular users. We show that the overlay network provides an anonymity set greater than the set of senders and receivers in a realistic threat model. In particular, the protocol provides unobse...

Mimic: An active covert channel that evades regularity-based detection

To counter the threat of leaks of sensitive and mission-critical information, high-security facilities employ multi-level security mechanisms in which information flows are prevented from high-security systems to lower-security systems. For networks, this includes the monitoring of all incoming and outgoing traffic, high-grade encryption for all data communication, intrusion detection systems, ...


Journal

Journal title: Security and Communication Networks

Year: 2023

ISSN: 1939-0122, 1939-0114

DOI: https://doi.org/10.1155/2023/1348393