HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

Real-Time Covert Timing Channel Detection in Networked Virtual Environments

Abstract : Despite extensive research on malware and Trojan horses, covert channels are still among the top computer security threats. These attacks, which are launched using specially-crafted content or by manipulating timing characteristics, transmit sensitive information to adversaries while remaining undetected. Current detection approaches typically analyze deviations from legitimate network traffic statistics. These approaches, however, are not applicable to highly dynamic, noisy environments, such as cloud computing environments, because they rely heavily on historical traffic and tedious model training. To address these challenges, we present a real-time, wavelet-based approach for detecting covert timing channels. The novelty of the approach comes from leveraging a secure virtual machine to mimic a vulnerable virtual machine. A key advantage is that the detection approach does not require historical traffic data. Experimental results demonstrate that the approach exhibits good overall performance, including a high detection rate and a low false positive rate.
Document type :
Conference papers
Complete list of metadata

Cited literature [20 references]  Display  Hide  Download

Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, February 7, 2017 - 5:26:01 PM
Last modification on : Thursday, March 5, 2020 - 4:46:39 PM
Long-term archiving on: : Monday, May 8, 2017 - 2:57:23 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Anyi Liu, Jim Chen, Harry Wechsler. Real-Time Covert Timing Channel Detection in Networked Virtual Environments. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.273-288, ⟨10.1007/978-3-642-41148-9_19⟩. ⟨hal-01460611⟩



Record views


Files downloads