Document Type
Technical Report
Publication Date
11-1-2005
Technical Report Number
TR2005-536
Abstract
Covert channels are mechanisms for communicating information in ways that are difficult to detect. Data exfiltration can be an indication that a computer has been compromised by an attacker even when other intrusion detection schemes have failed to detect a successful attack. Covert timing channels use packet inter-arrival times, not header or payload embedded information, to encode covert messages. This paper investigates the channel capacity of Internet-based timing channels and proposes a methodology for detecting covert timing channels based on how close a source comes to achieving that channel capacity. A statistical approach is then used for the special case of binary codes.
Dartmouth Digital Commons Citation
Berk, Vincent; Giani, Annarita; and Cybenko, George, "Detection of Covert Channel Encoding in Network Packet Delays" (2005). Computer Science Technical Report TR2005-536. https://digitalcommons.dartmouth.edu/cs_tr/269
Comments
This revision differs from the original only in the correction of one reference.