A pump for rapid, reliable, secure communication
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A note on the confinement problem
Communications of the ACM
On the nonstationarity of Internet traffic
Proceedings of the 2001 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Eliminating Steganography in Internet Traffic with Active Wardens
IH '02 Revised Papers from the 5th International Workshop on Information Hiding
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
Proceedings of the 10th ACM conference on Computer and communications security
Pattern Classification (2nd Edition)
Pattern Classification (2nd Edition)
Web tap: detecting covert web traffic
Proceedings of the 11th ACM conference on Computer and communications security
IP covert timing channels: design and detection
Proceedings of the 11th ACM conference on Computer and communications security
The Pump: A Decade of Covert Fun
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
On the Secrecy of Timing-Based Active Watermarking Trace-Back Techniques
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Covert and Side Channels Due to Processor Architecture
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Discrete-Event Simulation: A First Course
Discrete-Event Simulation: A First Course
DSSS-Based Flow Marking Technique for Invisible Traceback
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Detecting covert timing channels: an entropy-based approach
Proceedings of the 14th ACM conference on Computer and communications security
An information-theoretic and game-theoretic study of timing channels
IEEE Transactions on Information Theory
Cloak: a ten-fold way for reliable covert communications
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Robust and undetectable steganographic timing channels for i.i.d. traffic
IH'10 Proceedings of the 12th international conference on Information hiding
Stealthier inter-packet timing covert channels
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
CoCo: coding-based covert timing channels for network flows
IH'11 Proceedings of the 13th international conference on Information hiding
Cirripede: circumvention infrastructure using router redirection with plausible deniability
Proceedings of the 18th ACM conference on Computer and communications security
Network covert channels on the Android platform
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Mimic: An active covert channel that evades regularity-based detection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Practical comprehensive bounds on surreptitious communication over DNS
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
The exploration of advanced covert timing channel design is important to understand and defend against covert timing channels. In this paper, we introduce a new class of covert timing channels, called model-based covert timing channels, which exploit the statistical properties of legitimate network traffic to evade detection in an effective manner. We design and implement an automated framework for building model-based covert timing channels. Our framework consists of four main components: filter, analyzer, encoder, and transmitter. The filter characterizes the features of legitimate network traffic, and the analyzer fits the observed traffic behavior to a model. Then, the encoder and transmitter use the model to generate covert traffic and blend with legitimate network traffic. The framework is lightweight, and the overhead induced by model fitting is negligible. To validate the effectiveness of the proposed framework, we conduct a series of experiments in LAN and WAN environments. The experimental results show that model-based covert timing channels provide a significant increase in detection resistance with only a minor loss in capacity.