Covert channel detection using Information Theory
نویسندگان
چکیده
This paper presents an information theory based detection framework for covert channels. We first show that the usual notion of interference does not characterize the notion of deliberate information flow of covert channels. We then show that even an enhanced notion of “iterated multivalued interference” can not capture flows with capacity lower than one bit of information per channel use. We then characterize and compute the capacity of covert channels that use control flows for a class of systems.
منابع مشابه
Information Leakage via Protocol-Based Covert Channels: Detection, Automation, and Applications
With the emergence of computers in every day activities and with the ever-growing complexity of networks and network communication protocols, covert channels are becoming an eminent threat to the confidentiality of information. In light of this threat, we propose a technique to detect confidential information leakage via covert channels. Although several works examine covert channel detection a...
متن کاملEmploying Entropy in the Detection and Monitoring of Network Covert Channels
The detection of covert channels has quickly become a vital need due to their pervasive nature and the increasing popularity of the Internet. In recent years, new and innovative methods have been proposed to aid in the detection of covert channels. Existing detection schemes are often too specific and are ineffective against new covert channels. In this paper, we expound upon previous work done...
متن کاملCorrelating Packet Timing with Memory Content Detects IP Covert Timing Channels
We report a novel approach for detecting a hostile process extruding data through a covert timing channel. Our method looks for correlations between the timing of network traffic and bit strings in the address space of the suspicious process. Background Covert leakage of sensitive information from governmental or corporate systems remains a significant threat. Intelligent network gateways can c...
متن کاملDesign of Transport Layer Based Hybrid Covert Channel Detection Engine
Computer network is unpredictable due to information warfare and is prone to various attacks. Such attacks on network compromise the most important attribute, the privacy. Most of such attacks are devised using special communication channel called ``Covert Channel''. The word ``Covert'' stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within legitim...
متن کاملطراحی و ارزیابی روش کدگذاری ترکیبی برای کانال پوششی زمانبندیدار در شبکه اینترنت
Covert channel means communicating information through covering of overt and authorized channel in a manner that existence of channel to be hidden. In network covert timing channels that use timing features of transmission packets to modulating covert information, the appropriate encoding schema is very important. In this paper, a hybrid encoding schema proposed through combining "the inter-pac...
متن کامل