Covert Channel Detection Using Machine Learning

Çavuşoğlu, İmge Gamze
Alemdar, Hande
Onur, Ertan
A covert channel is a communication method that misuses legitimate resources to bypass intrusion detection systems. Such channels can be used for illegal purposes, such as leaking classified (or sensitive) data or sending commands to malware bots. Network timing channels are one type of covert channel; they encode the data to be sent in the inter-arrival times between network packets. In this study, we worked with two types of network covert channels: Fixed Interval and Jitterbug. We were able to distinguish these channels from legitimate ones by using decision trees that use four statistical features (mean, variance, skewness, and kurtosis).
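The detection idea in the abstract, as an added example that is not the authors' code: the four statistical features are computed over windows of inter-arrival times, and a depth-1 decision tree (a stump, standing in for the paper's decision trees) is trained on them. The traffic models, window size, interval `w` and all function names are assumptions made for this sketch, and only a simplified Fixed Interval channel is modelled.

```python
import random

def features(iats):
    """Mean, variance, skewness and excess kurtosis of inter-arrival times."""
    mean = sum(iats) / len(iats)
    m2, m3, m4 = (sum((x - mean) ** k for x in iats) / len(iats) for k in (2, 3, 4))
    return [mean, m2, m3 / m2 ** 1.5, m4 / m2 ** 2 - 3.0]

def legit_window(rng, n=200):
    # Assumption: ordinary traffic modelled as exponential gaps, mean 0.1 s.
    return [rng.expovariate(10.0) for _ in range(n)]

def fixed_interval_window(rng, n=200, w=0.1):
    # Assumption: gaps are whole multiples of the interval w plus small jitter.
    out = []
    for _ in range(n):
        k = 1
        while rng.random() < 0.5:
            k += 1
        out.append(k * w + rng.uniform(0.0, 0.005))
    return out

def make_dataset(rng, per_class):
    # Constructed samples: label 0 = legitimate window, 1 = covert window.
    rows = [(features(legit_window(rng)), 0) for _ in range(per_class)]
    rows += [(features(fixed_interval_window(rng)), 1) for _ in range(per_class)]
    return rows

def train_stump(rows):
    """Depth-1 decision tree: best (feature, threshold, label-above) split."""
    best = None
    for f in range(4):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            for above in (0, 1):
                hits = sum((above if x[f] > t else 1 - above) == y for x, y in rows)
                if best is None or hits > best[0]:
                    best = (hits, f, t, above)
    return best[1:]

def predict(stump, x):
    return stump[2] if x[stump[0]] > stump[1] else 1 - stump[2]

def evaluate(seed=7):
    rng = random.Random(seed)
    stump = train_stump(make_dataset(rng, 40))
    test = make_dataset(rng, 40)
    return stump, sum(predict(stump, x) == y for x, y in test) / len(test)
```

`evaluate()` returns the learned split and its accuracy on held-out constructed windows; the result reflects the toy traffic models above, not the paper's measurements.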
Citation Formats
İ. G. Çavuşoğlu, H. Alemdar, and E. Onur, “Covert Channel Detection Using Machine Learning,” 2021, Accessed: 00, 2021. [Online]. Available: