
Analytic Study of Features for the Detection of Covert Timing Channels in Network Traffic
Author(s) -
Félix Iglesias Vázquez,
Robert Annessi,
Tanja Zseby
Publication year - 2017
Publication title - Journal of Cyber Security and Mobility
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.198
H-Index - 9
eISSN - 2245-4578
pISSN - 2245-1439
DOI - 10.13052/2245-1439.632
Subject(s) - covert, computer science, covert channel, identification (biology), selection (genetic algorithm), machine learning, artificial intelligence, biometrics, data mining, pattern recognition (psychology), cloud computing, security information and event management, philosophy, linguistics, botany, biology, cloud computing security, operating system
Covert timing channels are security threats that have concerned the expert community since the beginnings of secure computer networks. In this paper we explore the nature of covert timing channels by studying the behavior of a selection of features used for their detection. Insights are obtained from experimental studies based on ten covert timing channel techniques published in the literature, which include popular and novel approaches. The study digs into the shapes of flows containing covert timing channels from a statistical perspective as well as using supervised and unsupervised machine learning algorithms. Our experiments reveal which features are recommended for building detection methods and draw meaningful representations to understand the problem space. Covert timing channels show high histogram-distance-based outlierness, but not enough to clearly discriminate them from normal traffic. On the other hand, traffic features do show dependencies that allow separating subspaces and facilitate the identification of covert timing channels. The conducted study shows the detection difficulties due to the high shape variability of normal traffic and suggests the implementation of semi-supervised techniques to develop accurate and reliable detectors.