International Journal of Network Security & Its Applications (IJNSA) - ERA, WJCI Indexed
ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)
Webpage URL: https://airccse.org/journal/ijnsa.html
Entropy Based Detection And Behavioral Analysis Of Hybrid Covert Channel In Secured Communication
Anjan K1, Srinath N K1 and Jibi Abraham2, 1R V College of Engineering, India and 2College of Engineering Pune, India
Abstract
Covert channels is a vital setup in the analysing the strength of security in a network. Covert Channel is illegitimate channelling over the secured channel and establishes a malicious conversation. The trap-door set in such channels proliferates making covert channel sophisticated to detect their presence in network firewall. This is due to the intricate covert scheme that enables to build robust covert channel over the network. From an attacker's perspective this will ameliorate by placing multiple such trapdoors in different protocols in the rudimentary protocol stack. This leads to a unique scenario of “Hybrid Covert Channel", where different covert channel trapdoors exist at the same instance of time in same layer of protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert channel scenario it is required to explore all possible clandestine mediums used in the formation of such channels. This can be explored by different schemes available and their entropy impact on hybrid covert channel. The environment can be composed of resources and subject under at-tack and subject which have initiated the attack (attacker). The paper sets itself an objective to understand the different covert schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for detection.
Keywords
Covert Channel, Subliminal Channel, Network Forensics, Kleptography, Trapdoors, Covert Schemes
Original Source URL: https://airccse.org/journal/nsa/7315nsa04.pdf
Volume URL: https://airccse.org/journal/jnsa15_current.html
No comments:
Post a Comment