research-article

Detection of Network Time Covert Channels Based on Image Processing

Authors:

Teng ZhanAuthors Info & Claims

CNIOT '23: Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things

Pages 701 - 707

https://doi.org/10.1145/3603781.3603906

Published: 27 July 2023 Publication History

Abstract

Abstract: Network covert timing channels (NCTCs) utilize Inter-Packet Delay (IPD) encoding to hide data. It can be used for spreading malware and data leakage, posing severe threats to network security. With the increasing risk, the research on NCTC detection has become an important and urgent task. However, the detection methods based on IPD statistics are only effective for few types of channels and require large IPD sampling samples. The recent ML-based detection methods have multiple limitations due to their coarse-grained feature extraction method. In this paper, we propose a multi-channel image transformation method for extracting IPD features and select the lightweight network MobileVit for detection. We encode IPD one-dimensional time-series data into Gramian Angular Field (GAF), Markov Transition Field (MTF), and Recurrence plot (RP) images and stack them into dual-channel and three-channel images. After image transformation, we compare mainstream image classification networks and a self-built CNN. Experimental results show that our feature extraction image classification is more effective than the existing IPD extraction image transformation method. The MobileVit network shows better detection performance and accuracy, requiring fewer IPD sampling samples for detection windows.

References

[1]

Caviglione L, Choraś M, Corona I, Tight arms race: Overview of current malware threats and trends in their detection[J]. IEEE Access, 2020, 9: 5371-5396.

[2]

Liang C, Baker T, Li Y, Building covert timing channel of the IoT-enabled MTS based on multi-stage verification[J]. IEEE Transactions on Intelligent Transportation Systems, 2021.

[3]

Edwards J J, Brown J D, Mason P C. Using covert timing channels for attack detection in MANETs[C]//MILCOM 2012-2012 IEEE Military Communications Conference. IEEE, 2012: 1-7.

[4]

Kiyavash N, Coleman T. Covert timing channels codes for communication over interactive traffic[C]//2009 IEEE International Conference on Acoustics, Speech and Signal Processing. IEEE, 2009: 1485-1488.

[5]

Radhakrishnan S V, Uluagac A S, Beyah R. Realizing an 802.11-based covert timing channel using off-the-shelf wireless cards[C]//2013 IEEE Global Communications Conference (GLOBECOM). IEEE, 2013: 722-728.

[6]

Cotroneo D, De Simone L, Natella R. Timing covert channel analysis of the vxworks mils embedded hypervisor under the common criteria security certification[J]. Computers & Security, 2021, 106: 102307.

Digital Library

[7]

Abbas M K, Sandikkaya M T. An efficient VoLTE covert timing channel for 5 G networks: RDCTC[J]. Optik, 2022, 270: 170076.

[8]

Zillien S, Wendzel S. Weaknesses of popular and recent covert channel detection methods and a remedy[J]. IEEE Transactions on Dependable and Secure Computing, 2023.

Digital Library

[9]

Ayub M A, Smith S, Siraj A. A protocol independent approach in network covert channel detection[C]//2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). IEEE, 2019: 165-170.

[10]

Xin Y, Kong L, Liu Z, Machine learning and deep learning methods for cybersecurity[J]. Ieee access, 2018, 6: 35365-35381.

[11]

Zhai J, Wang M, Liu G, Detecting JitterBug covert timing channel with sparse embedding[J]. Security and Communication Networks, 2016, 9(11): 1509-1519.

Digital Library

[12]

Cabuk S. Network covert channels: Design, analysis, detection, and elimination[D]. Purdue University, 2006.

[13]

Massey Jr F J. The Kolmogorov-Smirnov test for goodness of fit[J]. Journal of the American statistical Association, 1951, 46(253): 68-78.

[14]

Cabuk S, Brodley C E, Shields C. IP covert timing channels: design and detection[C]//Proceedings of the 11th ACM conference on Computer and communications security. 2004: 178-187.

[15]

Gianvecchio S, Wang H. An entropy-based approach to detecting covert timing channels[J]. IEEE Transactions on Dependable and Secure Computing, 2010, 8(6): 785-797.

Digital Library

[16]

Li H, Song T, Yang Y. Generic and Sensitive Anomaly Detection of Network Covert Timing Channels[J]. IEEE Transactions on Dependable and Secure Computing, 2022.

[17]

Elsadig M A, Gafar A. Covert channel detection: machine learning approaches[J]. IEEE Access, 2022, 10: 38391-38405.

[18]

Wang Z, Oates T. Encoding time series as images for visual inspection and classification using tiled convolutional neural networks[C]//Workshops at the twenty-ninth AAAI conference on artificial intelligence. Menlo Park, CA, USA: AAAI, 2015, 1.

[19]

Eckmann J P, Kamphorst S O, Ruelle D. Recurrence Plots of Dynamical Systems[J]. Europhysics Letters, 1987, 4(9): 973.

[20]

Marwan N, Romano M C, Thiel M, Recurrence plots for the analysis of complex systems[J]. Physics reports, 2007, 438(5-6): 237-329.

[21]

Chen L, Li S, Bai Q, Review of image classification algorithms based on convolutional neural networks[J]. Remote Sensing, 2021, 13(22): 4712.

[22]

Mehta S, Rastegari M. Mobilevit: light-weight, general-purpose, and mobile-friendly vision transformer[J]. arXiv preprint arXiv:2110.02178, 2021.

[23]

Faouzi J, Janati H. pyts: A python package for time series classification[J]. The Journal of Machine Learning Research, 2020, 21(1): 1720-1725.

Digital Library

[24]

He K, Zhang X, Ren S, Deep residual learning for image recognition[C]//Proceedings of the IEEE conference on computer vision and pattern recognition. 2016: 770-778.

[25]

Liu Z, Lin Y, Cao Y, Swin transformer: Hierarchical vision transformer using shifted windows[C]//Proceedings of the IEEE/CVF international conference on computer vision. 2021: 10012-10022.

[26]

Liu Z, Mao H, Wu C Y, A convnet for the 2020s[C]//Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2022: 11976-11986.

[27]

Ma N, Zhang X, Zheng H T, Shufflenet v2: Practical guidelines for efficient cnn architecture design[C]//Proceedings of the European conference on computer vision (ECCV). 2018: 116-131.

[28]

Sellke S H, Wang C C, Bagchi S, TCP/IP timing channels: Theory to implementation[C]//IEEE INFOCOM 2009. IEEE, 2009: 2204-2212.

[29]

Shah G, Molina A, Blaze M. Keyboards and Covert Channels[C]//USENIX Security Symposium. 2006, 15: 64.

[30]

Jorgensen S, Holodnak J, Dempsey J, Extensible machine learning for encrypted network traffic application labeling via uncertainty quantification[J]. IEEE Transactions on Artificial Intelligence, 2023.

[31]

Russakovsky O, Deng J, Su H, Imagenet large scale visual recognition challenge[J]. International journal of computer vision, 2015, 115: 211-252.

Digital Library

[32]

Al-Eidi S, Darwish O, Chen Y, SnapCatch: automatic detection of covert timing channels using image processing and machine learning[J]. IEEE Access, 2020, 9: 177-191.

[33]

Sun C, Chen Y, Tian H, Covert timing channels detection based on auxiliary classifier generative adversarial network[J]. IEEE Open Journal of the Computer Society, 2021, 2: 407-418.

[34]

Al-Eidi S, Darwish O, Husari G, Convolutional Neural Network Structure to Detect and Localize CTC Using Image Processing[C]//2022 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS). IEEE, 2022: 1-7.

[35]

Darwish O, Al-Fuqaha A, Brahim G B, Using hierarchical statistical analysis and deep neural networks to detect covert timing channels[J]. Applied Soft Computing, 2019, 82: 105546.

Digital Library

[36]

Chen J, Kao S, He H, Run, Don't Walk: Chasing Higher FLOPS for Faster Neural Networks[J]. arXiv preprint arXiv:2303.03667, 2023.

Cited By

Schymiczek JSchmidbauer TWendzel S(2024)A Case Study on the Detection of Hash-Chain-based Covert Channels Using Heuristics and Machine LearningProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670877(1-10)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670877

Index Terms

Detection of Network Time Covert Channels Based on Image Processing
1. Computing methodologies
  1. Artificial intelligence
    1. Computer vision
2. Security and privacy

Index terms have been assigned to the content through auto-classification.

Recommendations

Iterative space-time processing for multiuser detection in multipath CDMA channels

Space-time processing and multiuser detection are two promising techniques for combating multipath distortion and multiple-access interference in code division multiple access (CDMA) systems. To overcome the computational burden that rises very quickly ...
Network covert channels: design, analysis, detection, and elimination
Optimum diversity combiner based multiuser detection for time-dispersive Rician fading CDMA channels

Multiuser detection for asynchronous code division multiple access (CDMA) data transmission over the time-dispersive two-path Rician fading channel is considered. The multiuser maximum likelihood sequence detector (MLSD) is derived, and an equivalence ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

CNIOT '23: Proceedings of the 2023 4th International Conference on Computing, Networks and Internet of Things

May 2023

1025 pages

ISBN:9798400700705

DOI:10.1145/3603781

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 July 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

CNIOT'23

CNIOT'23: 2023 4th International Conference on Computing, Networks and Internet of Things

May 26 - 28, 2023

Xiamen, China

Acceptance Rates

Overall Acceptance Rate 39 of 82 submissions, 48%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
35
Total Downloads

Downloads (Last 12 months)18
Downloads (Last 6 weeks)1

Reflects downloads up to 14 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Schymiczek JSchmidbauer TWendzel S(2024)A Case Study on the Detection of Hash-Chain-based Covert Channels Using Heuristics and Machine LearningProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3670877(1-10)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3670877

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents