Skip to main content
SpringerLink
Log in

A deep learning approach for detecting covert timing channel attacks using sequential data

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

The advanced development of communication technologies has made covert communications quite challenging to be recognized. By altering an entity’s timing behavior during overt network communication, a covert timing channel (CTC) provides a way to leak sensitive data. This is becoming a serious threat due to the ability to transmit hidden messages without being detected by traditional security systems such as proxies and firewalls. In this paper, we explore the automatic classification and identification of covert timing channels using deep neural networks, namely, Long Short-Term Memory (LSTM), 1D-Convolutional Neural networks (1D-CNN), and a hybrid of LSTM and 1D-CNN. These classifiers have been trained and tested using sequence real inter-arrival times datasets labeled with covert or legitimate. The stream length differs for each dataset; (32, 64, 128, 256, and 512 bytes). Traditional machine-learning models have also been developed for comparisons and evaluation. The evaluation results showed that the hybrid of LSTM and CNN model outperforms other models either developed by deep neural networks or traditional machine learning with an accuracy of %97.5.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Data Availability

Enquiries about data availability should be directed to the authors.

References

  1. Al-Eidi, S., Darwish, O., Chen, Y.: Covert timing channel analysis either as cyber attacks or confidential applications. Sensors 20(8), 2417 (2020)

    Article  Google Scholar 

  2. Elsadig, M.A., Gafar, A.: Covert channel detection: machine learning approaches. IEEE Access 10, 38391–38405 (2022)

    Article  Google Scholar 

  3. Darwish, O., Al-Fuqaha, A., Brahim, G.B., Jenhani, I., Vasilakos, A.: Using hierarchical statistical analysis and deep neural networks to detect covert timing channels. Appl. Soft Comput. 82, 105546 (2019)

    Article  Google Scholar 

  4. Saeli, S., Bisio, F., Lombardo, P., Massa, D.: DNS covert channel detection via behavioral analysis: a machine learning approach. arXiv preprint arXiv:2010.01582 (2020)

  5. Al-Eidi, S., Darwish, O., Chen, Y., Husari, G.: Snapcatch: Automatic detection of covert timing channels using image processing and machine learning. IEEE Access (2020)

  6. Chourib, M.: Detecting selected network covert channels using machine learning. In: 2019 International Conference on High Performance Computing & Simulation (HPCS), pp. 582–588 . IEEE (2019)

  7. Iglesias, F., Bernhardt, V., Annessi, R., Zseby, T.: Decision tree rule induction for detecting covert timing channels in tcp/ip traffic. In: International Cross-Domain Conference for Machine Learning and Knowledge Extraction, pp. 105–122 . Springer (2017)

  8. Han, J., Huang, C., Shi, F., Liu, J.: Covert timing channel detection method based on time interval and payload length analysis. Comput. Secur. 97, 101952 (2020)

    Article  Google Scholar 

  9. Salih, A., Ma, X., Peytchev, E.: Detection and classification of covert channels in ipv6 using enhanced machine learning (2015)

  10. Li, H., Song, T., Yang, Y.: Generic and sensitive anomaly detection of network covert timing channels. IEEE Trans. Dependable Secure Comput. (2022). https://doi.org/10.1109/TDSC.2022.3207573

    Article  Google Scholar 

  11. Al-Eidi, S., Darwish, O., Chen, Y., Elkhodr, M.: Covert timing channels detection based on image processing using deep learning. In: International Conference on Advanced Information Networking and Applications, pp. 546–555. Springer (2022)

  12. Al-Eidi, S., Darwish, O., Husari, G., Chen, Y., Elkhodr, M.: Convolutional neural network structure to detect and localize ctc using image processing. In: 2022 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), pp. 1–7. IEEE (2022)

  13. Kiranyaz, S., Avci, O., Abdeljaber, O., Ince, T., Gabbouj, M., Inman, D.J.: 1D convolutional neural networks and applications: a survey. Mech. Syst. Signal Process. 151, 107398 (2021)

    Article  Google Scholar 

  14. Lindemann, B., Maschler, B., Sahlab, N., Weyrich, M.: A survey on anomaly detection for technical systems using lstm networks. Comput. Ind. 131, 103498 (2021)

    Article  Google Scholar 

  15. Shrestha, P.L., Hempel, M., Rezaei, F., Sharif, H.: A support vector machine-based framework for detection of covert timing channels. IEEE Trans. Dependable Secure Comput. 13(2), 274–283 (2015)

    Article  Google Scholar 

  16. Iglesias, F., Zseby, T.: Are network covert timing channels statistical anomalies? In: Proceedings of the 12th International Conference on Availability, Reliability and Security, pp. 1–9 (2017)

  17. Darwish, O., Al-Fuqaha, A., Brahim, G.B., Jenhani, I., Vasilakos, A.: Using hierarchical statistical analysis and deep neural networks to detect covert timing channels. Appl. Soft Comput. 82, 105546 (2019)

    Article  Google Scholar 

  18. Agarap, A.F.M.: A neural network architecture combining gated recurrent unit (gru) and support vector machine (svm) for intrusion detection in network traffic data. In: Proceedings of the 2018 10th International Conference on Machine Learning and Computing, pp. 26–30 (2018)

  19. Liu, H., Lang, B., Liu, M., Yan, H.: CNN and RNN based payload classification methods for attack detection. Knowl.-Based Syst. 163, 332–341 (2019)

    Article  Google Scholar 

  20. Kim, J., Kim, H.: An effective intrusion detection classifier using long short-term memory with gradient descent optimization. In: 2017 International Conference on Platform Technology and Service (PlatCon), pp. 1–6 . IEEE (2017)

  21. Sharma, A., Malacaria, P., Khouzani, M.: Malware detection using 1-dimensional convolutional neural networks. In: 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 247–256. IEEE (2019)

  22. Wang, W., Zhu, M., Wang, J., Zeng, X., Yang, Z.: End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 43–48 . IEEE (2017)

  23. Alkahtani, H., Aldhyani, T.H.: Botnet attack detection by using CNN–LSTM model for internet of things applications. Security Commun. Netw. (2021). https://doi.org/10.1155/2021/3806459

    Article  Google Scholar 

  24. Greff, K., Srivastava, R.K., Koutník, J., Steunebrink, B.R., Schmidhuber, J.: LSTM: a search space odyssey. IEEE Trans. Neural Netw. Learn. Syst. 28(10), 2222–2232 (2016)

    Article  MathSciNet  Google Scholar 

Download references

Funding

The authors have not disclosed any funding.

Author information

Authors and Affiliations

  1. Computer Science Department, Tafila Technical University, Tafila, Jordan

    Shorouq Al-Eidi

  2. Information Security and Applied Computing, Eastern Michigan University, Ypsilanti, MI, USA

    Omar Darwish

  3. School of Computing, Queen’s University, Etobicoke, ON, Canada

    Yuanzhu Chen

  4. Department of Information Technology, Faculty of Prince Al-Hussein Bin Abdallah II for Information Technology, The Hashemite University, P.O. Box 330127, Zarqa, 13133, Jordan

    Majdi Maabreh

  5. Department of Computer Science, Jordan University of Science and Technology, Irbid, Jordan

    Yahya Tashtoush

Authors
  1. Shorouq Al-Eidi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Omar Darwish
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuanzhu Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Majdi Maabreh
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yahya Tashtoush
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yahya Tashtoush.

Ethics declarations

Competing interest

The authors have not disclosed any competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Al-Eidi, S., Darwish, O., Chen, Y. et al. A deep learning approach for detecting covert timing channel attacks using sequential data. Cluster Comput 27, 1655–1665 (2024). https://doi.org/10.1007/s10586-023-04035-5

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-023-04035-5

Keywords

Search

Navigation