Detecting Network Covert Channels using Machine Learning, Data Mining and Hierarchical Organisation of Frequent Sets

Warsaw University of Technology, Warsaw, Poland
{P.Nowakowski, P.Zorawski, K.Cabaj, W.Mazurczyk}@ii.pw.edu.pl
Corresponding author: Krzysztof Cabaj

Abstract

Due to continuing improvements in defensive systems, malware developers create increasingly sophisticated techniques to remain undetected on the infected machine for as long as possible. One flavor of such methods is network covert channels, which transfer secret data through subtle modifications to legitimate network traffic. As there is currently no one-size-fits-all approach that detects covert communication in an efficient and scalable manner, more research effort is needed to devise a suitable solution. That is why, in this paper, we propose to utilize machine learning and data mining accompanied by hierarchical organization of frequent sets to detect network covert channels, both distributed and undistributed. The obtained experimental results prove that the proposed approach is effective and efficient.

Keywords: Distributed Network Covert Channels (DNCCs), Network Security, Information Hiding, Data mining, Machine Learning

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 12, No. 1, pp. 20-43, March 2021
DOI: 10.22667/JOWUA.2021.03.31.020