Skip to Main content Skip to Navigation
Conference papers

Real-Time Covert Timing Channel Detection in Networked Virtual Environments

Abstract : Despite extensive research on malware and Trojan horses, covert channels are still among the top computer security threats. These attacks, which are launched using specially-crafted content or by manipulating timing characteristics, transmit sensitive information to adversaries while remaining undetected. Current detection approaches typically analyze deviations from legitimate network traffic statistics. These approaches, however, are not applicable to highly dynamic, noisy environments, such as cloud computing environments, because they rely heavily on historical traffic and tedious model training. To address these challenges, we present a real-time, wavelet-based approach for detecting covert timing channels. The novelty of the approach comes from leveraging a secure virtual machine to mimic a vulnerable virtual machine. A key advantage is that the detection approach does not require historical traffic data. Experimental results demonstrate that the approach exhibits good overall performance, including a high detection rate and a low false positive rate.
Complete list of metadatas

Cited literature [20 references]  Display  Hide  Download

https://hal.inria.fr/hal-01460611
Contributor : Hal Ifip <>
Submitted on : Tuesday, February 7, 2017 - 5:26:01 PM
Last modification on : Thursday, March 5, 2020 - 4:46:39 PM
Document(s) archivé(s) le : Monday, May 8, 2017 - 2:57:23 PM

File

978-3-642-41148-9_19_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Anyi Liu, Jim Chen, Harry Wechsler. Real-Time Covert Timing Channel Detection in Networked Virtual Environments. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.273-288, ⟨10.1007/978-3-642-41148-9_19⟩. ⟨hal-01460611⟩

Share

Metrics

Record views

149

Files downloads

445