Abstract
Advances in communication technologies have made covert communications difficult to recognize. By altering an entity's timing behavior during overt network communication, a covert timing channel (CTC) provides a way to leak sensitive data. This is becoming a serious threat because hidden messages can be transmitted without being detected by traditional security systems such as proxies and firewalls. In this paper, we explore the automatic classification and identification of covert timing channels using deep neural networks, namely Long Short-Term Memory (LSTM), 1D Convolutional Neural Networks (1D-CNN), and a hybrid of LSTM and 1D-CNN. These classifiers have been trained and tested on datasets of real inter-arrival time sequences labeled as covert or legitimate. The stream length differs for each dataset (32, 64, 128, 256, and 512 bytes). Traditional machine-learning models have also been developed for comparison and evaluation. The evaluation results showed that the hybrid LSTM and CNN model outperforms the other models, whether built with deep neural networks or traditional machine learning, with an accuracy of 97.5%.
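The data preparation the abstract describes (packet timestamps turned into fixed-length inter-arrival-time streams, each labeled covert or legitimate) can be sketched as follows. This is an added example, not code from the paper: the entropy baseline stands in for the paper's LSTM/CNN models, the stream lengths are interpreted as inter-arrival times per stream, and the threshold, function names and sample captures are assumptions constructed for illustration.

```python
import math
import random

STREAM_LENGTHS = (32, 64, 128, 256, 512)  # stream lengths listed in the abstract

def inter_arrival_times(timestamps):
    """Gaps in seconds between consecutive packet timestamps."""
    return [b - a for a, b in zip(timestamps, timestamps[1:])]

def windows(iats, length):
    """Cut an IAT sequence into non-overlapping fixed-length streams."""
    return [iats[i:i + length] for i in range(0, len(iats) - length + 1, length)]

def binned_entropy(stream, bins=16):
    """Shannon entropy of the stream's IAT histogram, normalized to 0..1."""
    lo, hi = min(stream), max(stream)
    if hi == lo:
        return 0.0
    counts = [0] * bins
    for x in stream:
        counts[min(int((x - lo) / (hi - lo) * bins), bins - 1)] += 1
    n = len(stream)
    return -sum(c / n * math.log2(c / n) for c in counts if c) / math.log2(bins)

def classify(stream, threshold=0.4):
    """Label a stream; the threshold is an assumed value, not from the paper."""
    return "covert" if binned_entropy(stream) < threshold else "legitimate"

def constructed_capture(kind, n=1024, seed=7):
    """Constructed packet timestamps (not real traffic) yielding n IATs."""
    rng = random.Random(seed)
    t, stamps = 0.0, [0.0]
    for _ in range(n):
        if kind == "legitimate":      # memoryless gaps, mean 50 ms
            gap = rng.expovariate(1 / 0.05)
        else:                         # gaps clustered around two fixed delays
            gap = rng.choice((0.02, 0.08)) + rng.uniform(-0.001, 0.001)
        t += gap
        stamps.append(t)
    return stamps

def label_capture(kind, length):
    """Labels assigned to every fixed-length stream of a constructed capture."""
    iats = inter_arrival_times(constructed_capture(kind))
    return [classify(w) for w in windows(iats, length)]

if __name__ == "__main__":
    for length in STREAM_LENGTHS:
        print(length, label_capture("legitimate", length)[:2],
              label_capture("covert", length)[:2])
```

A fixed-threshold statistic like this only separates timing patterns that are much more regular than ordinary traffic; the learned sequence models in the abstract are evaluated against traditional baselines for that reason.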
Data Availability
Enquiries about data availability should be directed to the authors.
Funding
The authors have not disclosed any funding.
Ethics declarations
Competing interest
The authors have not disclosed any competing interests.
About this article
Cite this article
Al-Eidi, S., Darwish, O., Chen, Y. et al. A deep learning approach for detecting covert timing channel attacks using sequential data. Cluster Comput 27, 1655–1665 (2024). https://doi.org/10.1007/s10586-023-04035-5
DOI: https://doi.org/10.1007/s10586-023-04035-5