Networking and Security Research Group

Integrating Covert Channel Detection into an Open Source IDS

References

  • S. Zander, G. Armitage, and P. Branch. A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys and Tutorials, 9(3):44–57, October 2007.
  • W. Mazurczyk, S. Wendzel, S. Zander, A. Houmansadr, and K. Szczypiorski. Information Hiding in Communication Networks: Fundamentals, Mechanisms, Applications, and Countermeasures. John Wiley & Sons, Inc., 2016.
  • E. Zielinska, W. Mazurczyk, and K. Szczypiorski. Trends in steganography. Communications of the ACM, 57(3):86–95, March 2014.
  • C. Mullaney. Morto worm sets a (DNS) record. Blog, August 2011. http://www.symantec.com/connect/blogs/morto-worm-sets-dns-record.
  • B. Prince. Attackers hide communication within Linux backdoor. Security Week, 2013.
  • Symantec Security Response. Regin: top-tier espionage tool enables stealthy surveillance. Blog, November 2014. http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance.
  • S. Zander, G. Armitage, and P. Branch. Covert channels in the IP time to live field. 2006.
  • L. Ji, H. Liang, Y. Song, and X. Niu. A normal-traffic network covert channel. In International Conference on Computational Intelligence and Security (CIS), pages 499–503. IEEE, 2009.
  • Ping Tunnel - for those times when everything else is blocked. http://www.cs.uit.no/~daniels/PingTunnel/.
  • V. Berk, A. Giani, G. Cybenko, and N. Hanover. Detection of covert channel encoding in network packet delays. Technical Report TR536, Dartmouth University, page 19, 2005.
  • S. Gianvecchio and H. Wang. An entropy-based approach to detecting covert timing channels. IEEE Transactions on Dependable and Secure Computing, 8(6):785–797, 2011.
  • A. Porta, G. Baselli, D. Liberati, N. Montano, C. Cogliati, T. Gnecchi-Ruscone, A. Malliani, and S. Cerutti. Measuring regularity by means of a corrected conditional entropy in sympathetic outflow. Biological Cybernetics, 78(1):71–78, 1998.
  • F. Iglesias, R. Annessi, and T. Zseby. DAT detectors: uncovering TCP/IP covert channels by descriptive analytics. Security and Communication Networks, 9(15):3011–3029, 2016.
  • S. Cabuk, C. E. Brodley, and C. Shields. IP covert channel detection. ACM Transactions on Information and System Security (TISSEC), 12(4):22, 2009.
Other Links

  • Distributed Firewall and Flow-shaper Using Statistical Evidence (DIFFUSE). http://caia.swin.edu.au/urp/diffuse/.
  • Weka 3: Data mining software in Java. http://www.cs.waikato.ac.nz/ml/weka/.
  • Snort - network intrusion detection and prevention system. https://www.snort.org/.
  • Suricata - open source IDS / IPS / NSM engine. https://suricata-ids.org/.
  • The Bro network security monitor. https://www.bro.org/.
  • Covert Channels Evaluation Framework (CCHEF). https://sourceforge.net/projects/cchef/.

Authors: Dr Sebastian Zander (e-mail: S.Zander@murdoch.edu.au) | Dr Hendra Gunadi (e-mail: hendra.gunadi@murdoch.edu.au)

This project is supported by a grant provided by the Comcast Innovation Fund.