2019, Epishkina, A., Finoshin, M., Kogos, K., Yazykova, A., Епишкина, Анна Васильевна, Финошин, Михаил Александрович, Когос, Константин Григорьевич

© 2019 IEEE.Currently, packet data networks are widespread. Their architectural features allow constructing covert channels that are able to transmit covert data under the conditions of using standard protection measures. However, encryption or packets length normalization, leave the possibility for an intruder to transfer covert data via timing covert channels (TCCs). In turn, inter-packet delay (IPD) normalization leads to reducing communication channel capacity. Detection is an alternative countermeasure. At the present time, detection methods based on machine learning are widely studied. The complexity of TCCs detection based on machine learning depends on the availability of traffic samples, and on the possibility of an intruder to change covert channels parameters. In the current work, we explore the cases of TCCs detection via.

2020, Yazykova, A., Finoshin, M., Kogos, K., Финошин, Михаил Александрович, Когос, Константин Григорьевич

© 2020, Springer Nature Switzerland AG.The peculiarities of the batch data transmission networks make it possible to use covert channels, which survive under standard protective measures, to perform data leaks. However, storage covert channels can be annihilated by means of limiting the flow capacity, or by use of encryption. The measures against storage covert channels cannot be implemented against timing covert channels (TCCs), otherwise their usage has to be conditioned by certain factors. For instance, while packet encryption an intruder still possesses the ability to covertly transfer the data. At the same time, normalization of inter-packet delays (IPDs) influences the flow capacity in a greater degree than sending fixed-length packets does. Detection can be called an alternative countermeasure. At the present time, detection methods based on artificial intelligence have been widespreadly used, however the possibility to implement these methods under conditions of a covert channel parametrization has not been investigated. In the current work, we study the possibility to implement artificial intelligence for detecting TCCs under conditions of varying covert channel characteristics: flow capacity and encoding scheme. The detection method is based on machine learning algorithms that solve the problem of binary classification.