Elements of information theory
Elements of information theory
End-to-end internet packet dynamics
IEEE/ACM Transactions on Networking (TON)
ACM SIGCOMM Computer Communication Review
Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems)
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Detecting covert timing channels: an entropy-based approach
Proceedings of the 14th ACM conference on Computer and communications security
Cauchy Distribution for Jitter in IP Networks
CONIELECOMP '08 Proceedings of the 18th International Conference on Electronics, Communications and Computers (conielecomp 2008)
Model-Based Covert Timing Channels: Automated Modeling and Evasion
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Empirical Evaluation of Hash Functions for PacketID Generation in Sampled Multipoint Measurements
PAM '09 Proceedings of the 10th International Conference on Passive and Active Network Measurement
Rapid identification of Skype traffic flows
Proceedings of the 18th international workshop on Network and operating systems support for digital audio and video
Hide and seek in time: robust covert timing channels
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A Survey of Covert Channels and Countermeasures in Computer Network Protocols
IEEE Communications Surveys & Tutorials
Cirripede: circumvention infrastructure using router redirection with plausible deniability
Proceedings of the 18th ACM conference on Computer and communications security
Hi-index | 0.00 |
Covert channels aimto hide the existence of communication. Recently proposed packet-timing channels encode covert data in inter-packet times, based on models of inter-packet times of normal traffic. These channels are detectable if normal inter-packet times are not independent identically-distributed, which we demonstrate is the case for several network applications. We show that ∼80% of channels are detected with a false positive rate of 0.5%. We then propose an improved channel that is much harder to detect. Only ∼9% of our new channels are detected at a false positive rate of 0.5%. Our new channel uses packet content for synchronisation and works with UDP and TCP traffic. The channel capacity reaches over hundred bits per second depending on overt traffic and network jitter.