ICMPTend: Internet Control Message Protocol Covert Tunnel Attack Intent Detector
2022
Computers Materials & Continua
For the high-dimensional and independent characteristics of ICMP traffic, we use a support vector machine (SVM) as a multi-class classifier. ...
Most detection methods are detecting the existence of channels instead of clarifying specific attack intentions. ...
In order to determine the attacking intent of the covert tunnel more accurately, it is necessary to analyze the detection of the ICMP covert channel from the perspective of data. ...
doi:10.32604/cmc.2022.022540
fatcat:kzbddde6kbdxtopm5g6x4yrm3m
Detection of Covert Channels Over ICMP Protocol
2017
2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA)
We propose in this work a method to monitor and detect the presence of hidden channels that are based on an essential monitoring protocol "Internet Control Message Protocol" (ICMP). ...
Covert channels also known as hidden channels can elude basic security systems such as Intrusion Detection Systems (IDS) and firewalls. ...
Shrestha et al [6] provide a framework based on Support Vector Machine (SVM) classifier to detect covert timing channel. ...
doi:10.1109/aiccsa.2017.60
dblp:conf/aiccsa/SayadiAB17
fatcat:hpbirws5nnfbrcy4vxsz4cmbce
Detecting Selected Network Covert Channels Using Machine Learning
2019
2019 International Conference on High Performance Computing & Simulation (HPCS)
The tested ML algorithms are Support Vector Machines (SVM), k-Nearest Neighbors (k-NN) and Deep Neural Networks (DNN). ...
Most previous studies on detecting network covert channels using Machine Learning (ML) were tested with a dataset that was created using one single covert channel tool and also are ineffective at classifying ...
doi:10.1109/hpcs48598.2019.9188115
dblp:conf/ieeehpcs/Chourib19
fatcat:dyqoup2n6rh67bd7hhott2oox4
Covert channels in TCP/IP protocol stack - extended version-
2014
Open Computer Science
For most of the covert channels its data bandwidth is given. ...
Covert-TCP [10] can be detected using a Support Vector Machine (SVM) [128], and together with NUSHU [78] by [9] anomaly tests, because covert headers are easily distinguished from those generated ...
Allix [32] gives the example of the following timing covert channel: let the attacker has the control of two machines A and B, each one having a connection to the same server C. ...
doi:10.2478/s13537-014-0205-6
fatcat:tkkyehibpbf3tl5x5bctsqkk6y
Implementation of a Covert Channel in the 802.11 Header
2008
2008 International Wireless Communications and Mobile Computing Conference
We present also some measurements to protect the proposed covert channel against steganalysis processes and sniffing attack. ...
Depending on the configuration of the network, the covert channel uses either sequence control or initial vector fields, or both of them. ...
In the ICMP address mask request based covert channel, the address mask field is normally destined to be filled with zeros. ...
doi:10.1109/iwcmc.2008.103
fatcat:u54hq7gncneo3gwzasy5oamhpa
A Network Covert Channel Based on Packet Classification
2012
International Journal of Network Security
To construct a more secret covert channel, this paper proposes a novel approach based on packet classification. ...
Our analysis demonstrate that the covert channels based on packet classification can not be totally eliminated with current methods. ...
Table 4 shows frequently-used ICMP packets that can be delivered by host machine. ... [Figure 4: Format of ICMP message (HLEN=5, HLEN=6, HLEN=7, HLEN=8)]
dblp:journals/ijnsec/DongQLL12
fatcat:c5i6fulflfevhnhbev7tssef3a
USE OF MARKOV CHAIN FOR EARLY DETECTING DDOS ATTACKS
2021
Zenodo
The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert. ...
The experiment results have shown that the prediction model that can make multi-vector DDoS detection and analysis easier. ...
Based on the TCP Markov model, this paper proposes a new covert channel detection method for different applications. ...
doi:10.5281/zenodo.5157426
fatcat:q2i63qbo75dr7bvg5mddvdjrr4
Use of MARKOV Chain for Early Detecting DDoS Attacks
2021
International journal of network security and its applications
The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert. ...
The experiment results have shown that the prediction model that can make multi-vector DDoS detection and analysis easier. ...
Based on the TCP Markov model, this paper proposes a new covert channel detection method for different applications. ...
doi:10.5121/ijnsa.2021.13401
fatcat:bcdjqlclc5aadn3idxosfzhbnu
An approach towards anomaly based detection and profiling covert TCP/IP channels
2009
2009 7th International Conference on Information, Communications and Signal Processing (ICICS)
[66] - [68] used a Support Vector Machine based approach to evaluate the accuracy of detecting covert channels embedded in ICMP echo packets and identification field of IP header and the sequence number ...
Borders et al. developed a tool for detecting covert channels over outbound HTTP tunnels based on a similar approach [75]. ...
doi:10.1109/icics.2009.5397551
fatcat:z6mkmgm6ffdpdeqsn4x33pwoju
SnapCatch: Automatic Detection of Covert Timing Channels Using Image Processing and Machine Learning
2020
IEEE Access
INDEX TERMS Covert timing channels, detection, entropy, image processing, machine learning. ...
However, given the efforts of cyber attacks to evade detection and the growing column of CTC, covert channels detection needs to improve in both performance and precision to detect and prevent CTCs and ...
The Support Vector Machine (SVM) learning algorithm has also been widely used in the CTCs detection research domain. ...
doi:10.1109/access.2020.3046234
fatcat:yribylvmrrf4lhspi6sg65rqba
A New Approach for Network Steganography Detection based on Deep Learning Techniques
2021
International Journal of Advanced Computer Science and Applications
However, such methods have the difficult problem of not being able to detect abnormal packets when an attacker uses other steganography techniques. ...
The highlight of this study is some new proposed features based on different components of the packet. ...
[15] proposed a network steganography detection method using the Support Vector Machine (SVM) algorithm for detecting hidden information in TCP/IP protocols. ...
doi:10.14569/ijacsa.2021.0120705
fatcat:jtdehd5n2fgszkzrziu5nhuqz4
A survey of covert channels and countermeasures in computer network protocols
2007
IEEE Communications Surveys and Tutorials
Covert channels are used for the secret transfer of information. ...
Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. ...
[15]) could be discovered with high accuracy using Support Vector Machines (SVMs) [120]. The authors evaluated different feature sets and achieved classification accuracies of up to 99 percent. ...
doi:10.1109/comst.2007.4317620
fatcat:vw2ow6ehrbcf3f3ry65xntriha
Network Covert Channel Detection with Cluster based on Hierarchy and Density
2012
Procedia Engineering
Because the coding scheme of the covert channel would cause many similar data occurred repeatedly, the detection algorithm cluster based on density can be used to detect several kinds of the covert channels ...
In order to solve the problem one detection algorithm can only detect one kind of network covert channel, The detection approach hierarchical and density based cluster was purposed. ...
Acknowledgement This work is supported by the National Natural Science Fundamental of China (No.60974129, 70931002). ...
doi:10.1016/j.proeng.2012.01.639
fatcat:2jmnezitkbfaljvdrtxsromdhe
Internet security attacks at the basic levels
1998
ACM SIGOPS Operating Systems Review
Besides the description of each attack (the what), we also discuss the way they are carried on (the how) and, when possible, the related means of prevention, detection and/or defense. ...
In the paper we report some of the major actual known attacks. ...
Detection and prevention: If ICMP echo traffic is allowed, then this channel exists. ...
doi:10.1145/506133.506136
fatcat:aqrulrynyjb7bffk4int4jglru
Exploiting Internet of Things Protocols for Malicious Data Exfiltration Activities
2021
IEEE Access
Then, we propose and validate an initial machine learning based approach able to detect the proposed MQTT tunnel, by comparing different detection algorithms tested with and without a hyperparameter optimization ...
An attacker can exploit the MQTT protocol for various purposes such as steal information or access to not-allowed websites/servers. ...
Finally, Support Vector Machine (LinearSVC) is composed by a linear kernel and a squared_hinge parameter as loss. ...
doi:10.1109/access.2021.3099642
fatcat:eginyrsxczcbpfvti7l7oiu5j4