Technical Report series
TR home
TR search TR listserv
|
|
Dartmouth College Computer Science Technical Report series |
CS home TR home TR search TR listserv |
| By author: | A B C D E F G H I J K L M N O P Q R S T U V W Y Z | |
| By number: | 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999, 1998, 1997, 1996, 1995, 1994, 1993, 1992, 1991, 1990, 1989, 1988, 1987, 1986 | |
Abstract:
Covert channels are mechanisms for communicating information in
ways that are difficult to detect. Data exfiltration can be an
indication that a computer has been compromised by an attacker
even when other intrusion detection schemes have failed to detect
a successful attack. Covert timing channels use packet
inter-arrival times, not header or payload embedded information,
to encode covert messages. This paper investigates the channel
capacity of Internet-based timing channels and proposes a
methodology for detecting covert timing channels based on how
close a source comes to achieving that channel capacity. A
statistical approach is then used for the special case of binary
codes.
Note:
This revision differs from the original only in the correction of one
reference.
PDF (144KB)
Bibliographic citation for this report: [plain text] [BIB] [BibTeX] [Refer]
Or copy and paste:
Vincent Berk,
Annarita Giani, and
George Cybenko,
"Detection of Covert Channel Encoding in Network Packet Delays."
Dartmouth Computer Science Technical Report TR2005-536,
August 2005.
Want to be notified about new tech reports? Join our mailing list.
Want to search our technical reports?
Want us to mail you a paper copy of a report? Send your address and the TR number to reports AT cs.dartmouth.edu
Copyright notice: The documents contained in this server are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.