Real-Time Covert Timing Channel Detection in Networked Virtual Environments - Advances in Digital Forensics IX
Conference Papers Year : 2013

Real-Time Covert Timing Channel Detection in Networked Virtual Environments

Abstract

Despite extensive research on malware and Trojan horses, covert channels are still among the top computer security threats. These attacks, which are launched using specially-crafted content or by manipulating timing characteristics, transmit sensitive information to adversaries while remaining undetected. Current detection approaches typically analyze deviations from legitimate network traffic statistics. These approaches, however, are not applicable to highly dynamic, noisy environments, such as cloud computing environments, because they rely heavily on historical traffic and tedious model training. To address these challenges, we present a real-time, wavelet-based approach for detecting covert timing channels. The novelty of the approach comes from leveraging a secure virtual machine to mimic a vulnerable virtual machine. A key advantage is that the detection approach does not require historical traffic data. Experimental results demonstrate that the approach exhibits good overall performance, including a high detection rate and a low false positive rate.
Fichier principal
Vignette du fichier
978-3-642-41148-9_19_Chapter.pdf (1.73 Mo) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01460611 , version 1 (07-02-2017)

Licence

Identifiers

Cite

Anyi Liu, Jim Chen, Harry Wechsler. Real-Time Covert Timing Channel Detection in Networked Virtual Environments. 9th International Conference on Digital Forensics (DF), Jan 2013, Orlando, FL, United States. pp.273-288, ⟨10.1007/978-3-642-41148-9_19⟩. ⟨hal-01460611⟩
123 View
155 Download

Altmetric

Share

More