Covert timing channel attack detection and localization using machine learning frameworks

Al-Eidi, Shorouq (2021) Covert timing channel attack detection and localization using machine learning frameworks. Doctoral (PhD) thesis, Memorial University of Newfoundland.

[English] PDF - Accepted Version Available under License - The author retains copyright ownership and moral rights in this thesis. Neither the thesis nor substantial extracts from it may be printed or otherwise reproduced without the author's permission. Download (2MB)

Abstract

A covert timing channel is method that utilize to bypass security rules and transfer illegal data across several networks. It conceals critical data from the networks it targets by using traffic inter-arrival times. These channels are utilized by hostile tactics in a variety of damaging situations, including the exposure of economic and military secrets. Because they are not utilizing a new system, existing computer systems may be targeted to spread malware or worms without being discovered. Data leakage from cyber-attacks is on the rise, making the use of covert timing channels a significant network security issue that is getting more complex and pervasive. Therefore, identifying and mitigating the usage of covert timing channels is crucial in today's information technology architecture and network security. Many private and public companies are trying to develop techniques for identifying and eliminating covert timing channels. These approaches would benefit from an information security decision support system that was developed on top of them to assist protect the IT infrastructure. This dissertation makes significant advances fully automated covert timing channel identification and reduces the amount of data that might be transmitted over such channels. It provides a range of dependable and quick detection methods for successfully thwarting hidden timing channels. Images and sequential time series are used in these detection systems and different machine learning and deep learning methods. This study varies from others in the recent literature in the following ways: it combines different input data with various supervised and unsupervised machine learning methods, achieving noteworthy results, and giving important insight into how other solutions are used to develop realistic detection methods for detecting such channels in a variety of applications. The dissertation also introduces a novel method for precisely identifying traffic ow segments carrying covert communications. This accurate identification substantially minimizes overt traffic interruptions caused by non-malicious apps. Furthermore, it enhances the Quality of Service (QoS) that is compromised when the whole traffic ow is lost since it is highly disruptive to the QoS of the overt traffic of legitimate applications, which may include the majority of the packets in the dropped ows. The performance of the proposed methods in this research was tested and compared using various configurations of covert timing channel attacks ranging from simple to stealthy channels based on various sophisticated defensive strategies. These assaults also made use of various sizes of hidden messages. Our comparative analysis demonstrates a possible path for developing effective covert channel detection models utilizing a variety of input data and techniques, eliminating the requirement for robust and diverse concealed network traffic behavior.

Actions (login required)

View Item