WeChat Mini Program
Old Version Features

    • A Case Study on the Detection of Hash-Chain-based Covert Channels Using Heuristics and Machine Learning

    Jeff Schymiczek,Tobias Schmidbauer,Steffen Wendzel

    19TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY, ARES 2024(2024)

    Univ Helsinki

    Cited 0|Views3
    Abstract
    Reversible network covert channels restore the original carrier object before forwarding it to the overt receiver, drawing them a security threat hard to detect. Some of these covert channels utilize computational intensive operations, such as the calculation of cryptographic hashes. This paper proposes utilizing shape analysis of packet runtime distributions to detect such computational intensive covert channels. To this end, we simulated the latency of covert channel-modified traffic by adding mock hash-reconstruction delays to runtimes of legitimate ping traffic. After qualitatively observing the changes in the empirical probability distribution between modified and natural traffic, we investigated machine learning algorithms for their ability to detect such covert channels. Our results show that a decision tree-based AdaBoost classifier and a CNN using the investigated statistical measures as input vector are able to classify sets of 50 ping measurements with high accuracy. Our approach is superior over previous work on the detection of computational intensive covert channels as it requires smaller sampling window sizes, achieves significantly higher detection rates, and thus draws detection more reliable with fewer preparation.
    More
    Translated text
    Key words
    Covert Channel,Steganography,Information Hiding,Network Security,Anomaly Detection,Machine Learning,Passive Wardens
    求助PDF
    上传PDF
    View via Publisher
    Bibtex
    AI Read Science
    AI Summary
    AI Summary is the key point extracted automatically understanding the full text of the paper, including the background, methods, results, conclusions, icons and other key content, so that you can get the outline of the paper at a glance.
    Example
    Background
    Key content
    Introduction
    Methods
    Results
    Related work
    Fund
    Key content
    • Pretraining has recently greatly promoted the development of natural language processing (NLP)
    • We show that M6 outperforms the baselines in multimodal downstream tasks, and the large M6 with 10 parameters can reach a better performance
    • We propose a method called M6 that is able to process information of multiple modalities and perform both single-modal and cross-modal understanding and generation
    • The model is scaled to large model with 10 billion parameters with sophisticated deployment, and the 10 -parameter M6-large is the largest pretrained model in Chinese
    • Experimental results show that our proposed M6 outperforms the baseline in a number of downstream tasks concerning both single modality and multiple modalities We will continue the pretraining of extremely large models by increasing data to explore the limit of its performance
    Upload PDF to Generate Summary
    Must-Reading Tree
    Example
    Generate MRT to find the research sequence of this paper
    Data Disclaimer
    The page data are from open Internet sources, cooperative publishers and automatic analysis results through AI technology. We do not make any commitments and guarantees for the validity, accuracy, correctness, reliability, completeness and timeliness of the page data. If you have any questions, please contact us by email: report@aminer.cn
    Chat Paper
    Summary is being generated by the instructions you defined