Detecting JitterBug covert timing channel with sparse embedding. Issue 11 (1st February 2016)
- Record Type:
- Journal Article
- Title:
- Detecting JitterBug covert timing channel with sparse embedding. Issue 11 (1st February 2016)
- Main Title:
- Detecting JitterBug covert timing channel with sparse embedding
- Authors:
- Zhai, Jiangtao
Wang, Mingqian
Liu, Guangjie
Dai, Yuewei - Abstract:
- Abstract: As the detection methods of covert channels can provide a better way to detect the existence of advanced persistent threat, it has become a hot research topic in the field of network security. Although the existing methods can achieve feasible performance for detecting the JitterBug covert timing channel, they are ineffective when the covert timing channels are implemented with sparse embedding, especially for low embedding probability. In this paper, a new method to detect JitterBug covert timing channel with sparse embedding is proposed, in which the timing intervals are first modeled in histogram statistics, and then the Kolmogorov–Smirnov statistic is used for detection. In addition, the diversifications of the references and the model updating scheme in practical usage are analyzed. The experimental results show that the proposed method is effective when the embedding probability is 0.3, while the existing methods can effective only when the embedding probability is larger than 0.6. Copyright © 2016 John Wiley & Sons, Ltd. Abstract : The detection scheme mainly contains three parts: statistical range determination, histogram modeling, and calmative distribution function calculation. Then, the K–S method is used to give the detection results. Finally, the multi‐reference model and updating strategy are further proposed.
- Is Part Of:
- Security and communication networks. Volume 9:Issue 11(2016)
- Journal:
- Security and communication networks
- Issue:
- Volume 9:Issue 11(2016)
- Issue Display:
- Volume 9, Issue 11 (2016)
- Year:
- 2016
- Volume:
- 9
- Issue:
- 11
- Issue Sort Value:
- 2016-0009-0011-0000
- Page Start:
- 1509
- Page End:
- 1519
- Publication Date:
- 2016-02-01
- Subjects:
- covert timing channel -- detection accuracy -- histogram statistical model -- K–S statistic
Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805 - Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122 ↗
https://www.hindawi.com/journals/scn/ ↗
http://onlinelibrary.wiley.com/ ↗ - DOI:
- 10.1002/sec.1440 ↗
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 1896.xml