ICMPTend: Internet Control Message Protocol Covert Tunnel Attack Intent Detector

Tengfei Tu, Wei Yin, Hua Zhang, Xingyu Zeng, Xiaoxiang Deng, Yuchen Zhou, Xu Liu
2022 Computers Materials & Continua  
For the high-dimensional and independent characteristics of ICMP traffic, we use a support vector machine (SVM) as a multi-class classifier.  ...  Most detection methods are detecting the existence of channels instead of clarifying specific attack intentions.  ...  In order to determine the attacking intent of the covert tunnel more accurately, it is necessary to analyze the detection of the ICMP covert channel from the perspective of data.  ... 
doi:10.32604/cmc.2022.022540 fatcat:kzbddde6kbdxtopm5g6x4yrm3m

Detection of Covert Channels Over ICMP Protocol

Sirine Sayadi, Tarek Abbes, Adel Bouhoula
2017 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA)  
We propose in this work a method to monitor and detect the presence of hidden channels that are based on an essential monitoring protocol "Internet Control Message Protocol" (ICMP).  ...  Covert channels also known as hidden channels can elude basic security systems such as Intrusion Detection Systems (IDS) and firewalls.  ...  Shrestha et al [6] provide a framework based on Support Vector Machine (SVM) classifier to detect covert timing channel.  ... 
doi:10.1109/aiccsa.2017.60 dblp:conf/aiccsa/SayadiAB17 fatcat:hpbirws5nnfbrcy4vxsz4cmbce

Detecting Selected Network Covert Channels Using Machine Learning

Mehdi Chourib
2019 2019 International Conference on High Performance Computing & Simulation (HPCS)  
The tested ML algorithms are Support Vector Machines (SVM), k-Nearest Neighbors (k-NN) and Deep Neural Networks (DNN).  ...  Most previous studies on detecting network covert channels using Machine Learning (ML) were tested with a dataset that was created using one single covert channel tool and also are ineffective at classifying  ...  The tested ML algorithms are Support Vector Machines (SVM), k-Nearest Neighbors (k-NN) and Deep Neural Networks (DNN).  ... 
doi:10.1109/hpcs48598.2019.9188115 dblp:conf/ieeehpcs/Chourib19 fatcat:dyqoup2n6rh67bd7hhott2oox4

Covert channels in TCP/IP protocol stack - extended version-

Aleksandra Mileva, Boris Panajotov
2014 Open Computer Science  
For most of the covert channels its data bandwidth is given.  ...  Covert−TCP [10] can be detected using a Support Vector Machine (SVM) [128] , and together with NUSHU [78] by [9] anomaly tests, because covert headers are easily distinguished from those generated  ...  Allix [32] gives the example of the following timing covert channel: let the attacker has the control of two machines A and B, each one having a connection to the same server C.  ... 
doi:10.2478/s13537-014-0205-6 fatcat:tkkyehibpbf3tl5x5bctsqkk6y

Implementation of a Covert Channel in the 802.11 Header

Lilia Frikha, Zouheir Trabelsi, Wassim El-Hajj
2008 2008 International Wireless Communications and Mobile Computing Conference  
We present also some measurements to protect the proposed covert channel against steganalysis processes and sniffing attack.  ...  Depending on the configuration of the network, the covert channel uses either sequence control or initial vector fields, or both of them.  ...  • In the ICMP address mask request based covert channel, the address mask field is normally destined to be filled with zeros.  ... 
doi:10.1109/iwcmc.2008.103 fatcat:u54hq7gncneo3gwzasy5oamhpa

A Network Covert Channel Based on Packet Classification

Ping Dong, Huanyan Qian, Zhongjun Lu, Shaohua Lan
2012 International Journal of Network Security  
To construct a more secret covert channel, this paper proposes a novel approach based on packet classification.  ...  Our analysis demonstrate that the covert channels based on packet classification can not be totally eliminated with current methods.  ...  Table 4 shows frequently-used ICMP packets that can be delivered by host machine. (Figure 4: Format of ICMP message)  ... 
dblp:journals/ijnsec/DongQLL12 fatcat:c5i6fulflfevhnhbev7tssef3a

USE OF MARKOV CHAIN FOR EARLY DETECTING DDOS ATTACKS

Chin-Ling Chen, Jian-Ming Chen
2021 Zenodo  
The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert.  ...  The experiment results have shown that the prediction model that can make multi-vector DDoS detection and analysis easier.  ...  Based on the TCP Markov model, this paper proposes a new covert channel detection method for different applications.  ... 
doi:10.5281/zenodo.5157426 fatcat:q2i63qbo75dr7bvg5mddvdjrr4

Use of MARKOV Chain for Early Detecting DDoS Attacks

Chin-Ling Chen, Jian-Ming Chen
2021 International journal of network security and its applications  
The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert.  ...  The experiment results have shown that the prediction model that can make multi-vector DDoS detection and analysis easier.  ...  Based on the TCP Markov model, this paper proposes a new covert channel detection method for different applications.  ... 
doi:10.5121/ijnsa.2021.13401 fatcat:bcdjqlclc5aadn3idxosfzhbnu

An approach towards anomaly based detection and profiling covert TCP/IP channels

Patrick A. Gilbert, Prabir Bhattacharya
2009 2009 7th International Conference on Information, Communications and Signal Processing (ICICS)  
[66] - [68] used a Support Vector Machine based approach to evaluate the accuracy of detecting covert channels embedded in ICMP echo packets and identification field of IP header and the sequence number  ...  Borders et al. developed a tool for detecting covert channels over outbound HTTP tunnels based on a similar approach [75] .  ... 
doi:10.1109/icics.2009.5397551 fatcat:z6mkmgm6ffdpdeqsn4x33pwoju

SnapCatch: Automatic Detection of Covert Timing Channels Using Image Processing and Machine Learning

Shorouq Al-Eidi, Omar Darwish, Yuanzhu Chen, Ghaith Husari
2020 IEEE Access  
INDEX TERMS Covert timing channels, detection, entropy, image processing, machine learning.  ...  However, given the efforts of cyber attacks to evade detection and the growing column of CTC, covert channels detection needs to improve in both performance and precision to detect and prevent CTCs and  ...  The Support Vector Machine (SVM) learning algorithm has also been widely used in the CTCs detection research domain.  ... 
doi:10.1109/access.2020.3046234 fatcat:yribylvmrrf4lhspi6sg65rqba

A New Approach for Network Steganography Detection based on Deep Learning Techniques

Cho Do Xuan, Lai Van Duong
2021 International Journal of Advanced Computer Science and Applications  
However, such methods have the difficult problem of not being able to detect abnormal packets when an attacker uses other steganography techniques.  ...  The highlight of this study is some new proposed features based on different components of the packet.  ...  [15] proposed a network steganography detection method using the Support Vector Machine (SVM) algorithm for detecting hidden information in TCP/IP protocols.  ... 
doi:10.14569/ijacsa.2021.0120705 fatcat:jtdehd5n2fgszkzrziu5nhuqz4

A survey of covert channels and countermeasures in computer network protocols

Sebastian Zander, Grenville Armitage, Philip Branch
2007 IEEE Communications Surveys and Tutorials  
Covert channels are used for the secret transfer of information.  ...  Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols.  ...  [15] ) could be discovered with high accuracy using Support Vector Machines (SVMs) [120] . The authors evaluated different feature sets and achieved classification accuracies of up to 99 percent.  ... 
doi:10.1109/comst.2007.4317620 fatcat:vw2ow6ehrbcf3f3ry65xntriha

Network Covert Channel Detection with Cluster based on Hierarchy and Density

Qian Yuwen, Song Huaju, Song Chao, Wang Xi, Leng Linjie
2012 Procedia Engineering  
Because the coding scheme of the covert channel would cause many similar data occurred repeatedly, the detection algorithm cluster based on density can be used to detect several kinds of the covert channels  ...  In order to solve the problem one detection algorithm can only detect one kind of network covert channel, The detection approach hierarchical and density based cluster was purposed.  ...  Acknowledgement This work is supported by the National Natural Science Fundamental of China (No.60974129, 70931002).  ... 
doi:10.1016/j.proeng.2012.01.639 fatcat:2jmnezitkbfaljvdrtxsromdhe

Internet security attacks at the basic levels

Marco de Vivo, Gabriela O. de Vivo, Germinal Isern
1998 ACM SIGOPS Operating Systems Review  
Besides the description of each attack (the what), we also discuss the way they are carried on (the how) and, when possible, the related means of prevention, detection and/or defense.  ...  In the paper we report some of the major actual known attacks.  ...  Detection and prevention: If ICMP echo traffic is allowed, then this channel exists.  ... 
doi:10.1145/506133.506136 fatcat:aqrulrynyjb7bffk4int4jglru

Exploiting Internet of Things Protocols for Malicious Data Exfiltration Activities

Ivan Vaccari, Sara Narteni, Maurizio Aiello, Maurizio Mongelli, Enrico Cambiaso
2021 IEEE Access  
Then, we propose and validate an initial machine learning based approach able to detect the proposed MQTT tunnel, by comparing different detection algorithms tested with and without a hyperparameter optimization  ...  An attacker can exploit the MQTT protocol for various purposes such as steal information or access to not-allowed websites/servers.  ...  Finally, Support Vector Machine (LinearSVC) is composed by a linear kernel and a squared_hinge parameter as loss.  ... 
doi:10.1109/access.2021.3099642 fatcat:eginyrsxczcbpfvti7l7oiu5j4