%0 Conference Proceedings
%T Decision Tree Rule Induction for Detecting Covert Timing Channels in TCP/IP Traffic
%+ Vienna University of Technology = Technische Universität Wien (TU Wien)
%A Iglesias, Félix
%A Bernhardt, Valentin
%A Annessi, Robert
%A Zseby, Tanja
%Z Part 3: MAKE Privacy
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 1st International Cross-Domain Conference for Machine Learning and Knowledge Extraction (CD-MAKE)
%C Reggio, Italy
%Y Andreas Holzinger
%Y Peter Kieseberg
%Y A Min Tjoa
%Y Edgar Weippl
%I Springer International Publishing
%3 Machine Learning and Knowledge Extraction
%V LNCS-10410
%P 105-122
%8 2017-08-29
%D 2017
%R 10.1007/978-3-319-66808-6_8
%K Covert channels
%K Decision trees
%K Forensic analysis
%K Machine learning
%K Network communications
%K Statistics
%Z Computer Science [cs]
%Z Humanities and Social Sciences/Library and information sciencesConference papers
%X The detection of covert channels in communication networks is a current security challenge. By clandestinely transferring information, covert channels are able to circumvent security barriers, compromise systems, and facilitate data leakage. A set of statistical methods called DAT (Descriptive Analytics of Traffic) has been previously proposed as a general approach for detecting covert channels. In this paper, we implement and evaluate DAT detectors for the specific case of covert timing channels. Additionally, we propose machine learning models to induce classification rules and enable the fine parameterization of DAT detectors. A testbed has been created to reproduce main timing techniques published in the literature; consequently, the testbed allows the evaluation of covert channel detection techniques. We specifically applied Decision Trees to infer DAT-rules, achieving high accuracy and detection rates. This paper is a step forward for the actual implementation of effective covert channel detection plugins in modern network security devices.
%G English
%Z TC 5
%Z TC 8
%Z TC 12
%Z WG 8.4
%Z WG 8.9
%Z WG 12.9
%2 https://inria.hal.science/hal-01677146/document
%2 https://inria.hal.science/hal-01677146/file/456304_1_En_8_Chapter.pdf
%L hal-01677146
%U https://inria.hal.science/hal-01677146
%~ SHS
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC5
%~ IFIP-WG
%~ IFIP-TC12
%~ IFIP-TC8
%~ IFIP-WG8-4
%~ IFIP-WG8-9
%~ IFIP-LNCS-10410
%~ IFIP-CD-MAKE
%~ IFIP-WG12-9