Covert channel detection using machine learning methods
Date
2019
Author
Çavuşoğlu, İmge Gamze
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
A covert channel is a communication method that misuses legitimate resources to bypass intrusion detection systems. Covert channels can be used to do illegal work like leaking classified (or sensitive) data or sending commands to malware bots. Network timing channels are a type of covert channel that uses the inter-arrival times between network packets to encode the data to be sent. Although these types of channels are hard to detect, they are not used frequently due to their low capacity and sensitivity to network conditions. However, upcoming technologies like 5G and WiFi 6 offer more reliable networks with low latency, which we believe can work in favor of network timing channels and attract hackers to them. Therefore, we also believe that the detection of network timing channels is an increasingly important issue. In this thesis, we worked with two types of network covert channels: Fixed Interval and Jitterbug. Fixed Interval defines an inter-arrival time for each symbol to be transmitted and sends network packets accordingly. On the other hand, Jitterbug does not create new packet traffic; it just delays existing packets for some predefined time. The two channels are very different: Jitterbug creates traffic that is similar to legitimate network traffic but has lower capacity, while Fixed Interval has a traffic shape very different from legitimate network traffic but has higher capacity. Our work has shown it is indeed possible to detect these channels with a decision tree using four features: mean, variance, skewness and kurtosis. However, more research is needed to make this system work in the real world.
Subject Keywords
Machine Learning, Covert Channel, Covert Channel Detection, Decision Tree
URI
http://etd.lib.metu.edu.tr/upload/12624767/index.pdf
https://hdl.handle.net/11511/44755
Collections
Graduate School of Natural and Applied Sciences, Thesis
Suggestions
Covert Channel Detection Using Machine Learning
Çavuşoğlu, İmge Gamze; Alemdar, Hande; Onur, Ertan (2021-01-07)
A covert channel is a communication method that misuses legitimate resources to bypass intrusion detection systems. They can be used to do illegal work like leaking classified (or sensitive) data or sending commands to malware bots. Network timing channels are a type of these channels that use inter-arrival times between network packets to encode the data to be sent. In this study, we worked with two types of network covert channels: Fixed Interval and Jitterbug. We were able to distinguish these channels f...
Surveillance Video Querying With A Human-in-the-Loop
STONEBROKER, MICHAEL; Bhargava, Bharat; Cafarella, Michael; COLLINS, ZACHARY; McClellan, Jenna; SIPSER, AARON; Sun, Tao; NESEN, ALİNA; SOLAIMAN, K.M.A.; MANI, GANAPATHY; Kochpatcharin, Kevin; Kochpatcharin, Kevin; Angın, Pelin; MACDONALD, JAMES (2020-06-19)
SurvQ is a video monitoring system appropriate for surveillance applications such as those found in security and law enforcement. It performs real time object property identification and stores all data in a scalable DBMS. Standing queries implemented as database triggers are supported. SurvQ contains novel adaptive machine learning and algorithmic property classification. The application of SurvQ to assist the West Lafayette (IN) police department at identifying suspects in video is described. This paper a...
Feature Extraction and Object Classification for Target Identification at Wireless Multimedia Sensor Networks
Civelek, Muhsin; Yilmazer, Cengiz; Yazıcı, Adnan; Korkut, Fazli Oncul (2014-04-25)
In this paper, the processes for automatic identification of targets without personnel intervention in wireless multimedia sensor networks are investigated. Methods to extract the features of the object from the multimedia data and to classify the target type based on the extracted features are proposed within the scope of this study. The success of the proposed methods is tested by implementing a Matlab application, and the results are presented in this paper.
Surveillance wireless sensor networks: Deployment quality analysis
Onur, Ertan; Delic, Hakan; Akarun, Lale (2007-11-01)
Surveillance wireless sensor networks are deployed at perimeter or border locations to detect unauthorized intrusions. For deterministic deployment of sensors, the quality of deployment can be determined sufficiently by analysis in advance of deployment. However, when random deployment is required, determining the deployment quality becomes challenging. To assess the quality of sensor deployment, appropriate measures can be employed that reveal the weaknesses in the coverage of SWSNs with respect to the suc...
Object Extraction and Classification in Video Surveillance Applications
Civelek, Muhsin; Yazıcı, Adnan (2017-05-01)
In this paper we review a number of methods used in video surveillance applications in order to detect and classify threats. Moreover, the use of those methods in wireless surveillance networks contributes to decreasing the energy consumption of the devices because it reduces the amount of information transferred through the network. In this paper we focus on the most popular object extraction and classification methods that are used in both wired and wireless surveillance applications. We also develop an a...
Citation Formats
İ. G. Çavuşoğlu, “Covert channel detection using machine learning methods,” Thesis (M.S.) -- Graduate School of Natural and Applied Sciences. Computer Engineering., Middle East Technical University, 2019.