A generalized detection framework for covert timing channels based on perceptual hashing
Abstract
Network covert channels use network resources to transmit data covertly, and their existence will seriously threaten network security. Therefore, an effective method is needed to prevent and detect them. Current network covert timing channel detection methods often incorporate machine learning methods in order to achieve generalized detection, but they consume a large amount of computational resources. In this paper, we propose a generalized detection framework for covert channels based on perceptual hashing without relying on machine learning methods. And we propose a one‐dimensional data feature descriptor for feature extraction of perceptual hash for the data characteristics of covert timing channels. We first generate the hash sequence of the corresponding channel to get the average hash, which is used for comparison in the test phase. The experimental results show that the feature descriptor can capture the feature differences of one‐dimensional data well. When compared to machine learning methods, this perceptual hashing algorithms enable faster traffic detection. Meanwhile, our method is able to detect the effectiveness with the smallest coverage window compared with the latest solutions. Moreover, it exhibits robustness in jitter network environment.
Graphical Abstract
In this paper, we propose a perceptual hashing method for network time covert channel detection. By using the one‐dimensional data feature descriptor LTO proposed in this paper, the generalized detection of covert channels is achieved while the minimum window for effective detection is greatly reduced.
References
[1]
Wendzel S, Zander S, Fechner B, Herdin C. A pattern‐based survey and categorization of network covert channel techniques. CoRR abs/1406.2901. 2014.
[2]
Hosseini SS, Azmi P, Mokari N. Minimizing average age of information in reliable covert communication on time‐varying channels. IEEE Trans Veh Technol. 2024;73(1):651‐659.
[3]
Duan Z, Yang X, Gong Y, Wang D, Wang L. Covert communication in uplink NOMA systems under channel distribution information uncertainty. IEEE Commun Lett. 2023;27(5):1282‐1286.
[4]
Lee J, Yeom H, Lee S‐H, Ha J. Channel correlation in multi‐user covert communication: friend or foe? IEEE Trans. Inf. Forensics Secur. 2024;19:1469‐1482.
[5]
He R, Chen J, Li G, et al. Channel‐aware jammer selection and power control in covert communication. IEEE Trans Veh Technol. 2024;73(2):2266‐2279.
[6]
Tan J, Liao X, Liu J, Cao Y, Jiang H. Channel attention image steganography with generative adversarial networks. IEEE Trans Netw Sci Eng. 2022;9(2):888‐903.
[7]
Zórawski P, Caviglione L, Mazurczyk W. A long‐term perspective of the internet susceptibility to covert channels. IEEE Commun Mag. 2023;61(10):171‐177.
[8]
Schneider M, Chang S‐F. A robust content based digital signature for image authentication. Proceedings 1996 International Conference on Image Processing, Lausanne, Switzerland, September 16‐19, 1996, pages 227‐230. IEEE Computer Society. 1996.
[9]
Cabuk S, Brodley CE, Shields C. IP covert timing channels: design and detection. In: Atluri V, Pfitzmann B, McDaniel PD, eds. Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004. ACM; 2004:178‐187.
[10]
Cabuk S. Network Covert Channels: Design, Analysis, Detection, and Elimination. PhD thesis. Purdue University; 2006.
[11]
Sellke SH, Wang C‐C, Bagchi S, Shroff NB. TCP/IP timing channels: theory to implementation. INFOCOM 2009. 28th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 19‐25 April 2009, Rio de Janeiro, Brazil, pages 2204‐2212. IEEE. 2009.
[12]
Shah G, Molina A. Keyboards and covert channels. In: Keromytis AD, ed. Proceedings of the 15th USENIX Security Symposium. USENIX Association; 2006.
[13]
Gianvecchio S, Wang H, Wijesekera D, Jajodia S. Model‐based covert timing channels: automated modeling and evasion. In: Lippmann R, Kirda E, Trachtenberg A, eds. Recent Advances in Intrusion Detection, 11th International Symposium, RAID 2008, Cambridge, MA, USA, September 15‐17, 2008. Proceedings, Volume 5230 of Lecture Notes in Computer Science. Springer; 2008:211‐230.
[14]
Shvartzman O, Ovadya A, Zvi K, et al. Characterization and detection of cross‐router covert channels. Comput Secur. 2023;127:103125.
[15]
Zillien S, Wendzel S. Weaknesses of popular and recent covert channel detection methods and a remedy. IEEE Trans. Depend Secur. Comput. 2023;20(6):5156‐5167.
[16]
Cabuk S, Brodley CE, Shields C. IP covert channel detection. ACM Trans Inf Syst Secur. 2009;12(4):22:1‐22:29.
[17]
Massey Jr FJ. The kolmogorov‐smirnov test for goodness of fit. J Am Stat Assoc. 1951;46(253):68‐78.
[18]
Gianvecchio S, Wang H. An entropy‐based approach to detecting covert timing channels. IEEE Trans. Depend Secur. Comput. 2011;8(6):785‐797.
[19]
Shrestha PL, Hempel M, Rezaei F, Sharif H. A support vector machine‐based framework for detection of covert timing channels. IEEE Trans. Depend Secur. Comput. 2016;13(2):274‐283.
[20]
Darwish O, Al‐Fuqaha AI, Brahim GB, Jenhani I, Vasilakos AV. Using hierarchical statistical analysis and deep neural networks to detect covert timing channels. Appl Soft Comput. 2019;82:105546.
[21]
Han J, Huang C, Shi F, Liu J. Covert timing channel detection method based on time interval and payload length analysis. Comput Secur. 2020;97:101952.
[22]
Al‐Eidi S, Darwish OA, Chen Y, Husari G. Snapcatch: automatic detection of covert timing channels using image processing and machine learning. IEEE Access. 2021;9:177‐191.
[23]
Li H, Song T, Yang Y. Generic and sensitive anomaly detection of network covert timing channels. IEEE Trans Depend Secur Comput. 2023;20(5):4085‐4100.
[24]
Liao X, Wang Y, Wang T, Juan H, Xiaoshuai W. FAMM: facial muscle motions for detecting compressed deepfake videos over social networks. IEEE Trans. Circuits Syst. Video Technol. 2023;33(12):7236‐7251.
[25]
Chen J, Liao X, Wang W, Qian Z, Qin Z, Wang Y. SNIS: a signal noise separation‐based network for post‐processed image forgery detection. IEEE Trans. Circuits Syst. Video Technol. 2023;33(2):935‐951.
[26]
Monga V, Evans BL. Perceptual image hashing via feature points: performance evaluation and tradeoffs. IEEE Trans Image Process. 2006;15(11):3452‐3465.
[27]
Chen L, Ye D, Shang Y. Perceptual video hashing with secure anti‐noise model for social video retrieval. IEEE Internet Things J. 2024;11(2):2648‐2664.
[28]
Huang Z, Liu S. Robustness and discrimination oriented hashing combining texture and invariant vector distance. In: Boll S, Lee KM, Luo J, et al., eds. 2018 ACM Multimedia Conference on Multimedia Conference, MM 2018, Seoul, Republic of Korea. ACM; 2018:1389‐1397.
[29]
Tang Z, Zhang X, Li X, Zhang S. Robust image hashing with ring partition and invariant vector distance. IEEE Trans Inf Forensics Secur. 2016;11(1):200‐214.
[30]
Karsh RK, Saikia A, Laskar RH. Image authentication based on robust image hashing with geometric correction. Multim Tools Appl. 2018;77(19):25409‐25429.
[31]
Qin C, Chen X, Dong J, Zhang X. Perceptual image hashing with selective sampling for salient structure features. Displays. 2016;45:26‐37.
[32]
Tang Z, Huang L, Zhang X, Lao H. Robust image hashing based on color vector angle and canny operator. AEU Int J Electron Commun. 2016;70(6):833‐841.
[33]
Liu H, Wang Y, Li F, Wang X, Liu C, Pecht MG. Perceptual vibration hashing by sub‐band coding: an edge computing method for condition monitoring. IEEE Access. 2019;7:129644‐129658.
[34]
Wang L, Chen Y. A perceptual hash‐based approach to detect covert timing channels. Int J Netw Secur. 2020;22(4):686‐697.
[35]
Zhang Q‐y, Bai J, Fu‐jiu X. A retrieval method for encrypted speech based on improved power normalized cepstrum coefficients and perceptual hashing. Multim. Tools Appl. 2022;81(11):15127‐15151.
[36]
Maamar H, Khalil Z, Hanane T, Guerroumi M, Zafoune Y. A replay attack detection scheme based on perceptual image hashing. Multim. Tools Appl. 2024;83(3):8999‐9031.
[37]
Li Y, Wang D, Tang L. Robust and secure image fingerprinting learned by neural network. IEEE Trans Circuits Syst Video Technol. 2020;30(2):362‐375.
[38]
Huang Z, Tang Z, Zhang X, Ruan L, Zhang X. Perceptual image hashing with locality preserving projection for copy detection. IEEE Trans. Depend Secur. Comput. 2023;20(1):463‐477.
[39]
Porta A, Baselli G, Liberati D, et al. Measuring regularity by means of a corrected conditional entropy in sympathetic outflow. Biol Cybern. 1998;78(1):71‐78.
[40]
Rosipal R. Kernel‐Based Regression and Objective Nonlinear Measures to Assess Brain Functioning. PhD thesis. University of Paisley; 2001.
[41]
Ojala T, Pietikainen M, Harwood D. Performance evaluation of texture measures with classification based on kullback discrimination of distributions. Proceedings of 12th International Conference on Pattern Recognition, volume 1, pages 582‐585. IEEE. 1994.
[42]
McKeown S, Buchanan WJ. Hamming distributions of popular perceptual hashing techniques. Forensic Sci Int Digit Investig. 2023;44:301509.
[43]
Domínguez LR, Román DT, Dehesa J, Rodríguez DM. Cauchy distribution for jitter in IP networks. 18th International Conference on Electronics, Communications and Computers, CONIELECOMP 2008, Cholula, Puebla, Mexico, March 3‐5, 2008, pages 35‐40. IEEE Computer Society. 2008.
Recommendations
Detecting covert timing channels: an entropy-based approach
CCS '07: Proceedings of the 14th ACM conference on Computer and communications securityThe detection of covert timing channels is of increasing interest in light of recent practice on the exploitation of covert timing channels over the Internet. However, due to the high variation in legitimate network traffic, detecting covert timing ...
An Entropy-Based Approach to Detecting Covert Timing Channels
The detection of covert timing channels is of increasing interest in light of recent exploits of covert timing channels over the Internet. However, due to the high variation in legitimate network traffic, detecting covert timing channels is a ...
IP covert timing channels: design and detection
CCS '04: Proceedings of the 11th ACM conference on Computer and communications securityA network covert channel is a mechanism that can be used to leak information across a network in violation of a security policy and in a manner that can be difficult to detect. In this paper, we describe our implementation of a covert network timing ...
Comments
Information & Contributors
Information
Published In
© 2024 John Wiley & Sons, Ltd.
Publisher
John Wiley & Sons, Inc.
United States
Publication History
Published: 09 May 2024
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 28 Jan 2025