Detecting Network Covert Channels using Machine Learning, Data Mining and Hierarchical Organisation of Frequent Sets

Piotr Nowakowski, Piotr Żórawski, Krzysztof Cabaj+, and Wojciech Mazurczyk
 

Warsaw University of Technology, Warsaw, Poland

{P.Nowakowski, P.Zorawski, K.Cabaj, W.Mazurczyk}@ii.pw.edu.pl

 

Abstract

Due to continuing improvements in defensive systems, malware developers create increasingly sophisticated techniques to remain undetected on the infected machine for as long as possible. One flavor of such methods is network covert channels, which transfer secret data by making subtle modifications to legitimate network traffic. As there is currently no one-size-fits-all approach that would be effective in detecting covert communication in an efficient and scalable manner, more research effort is needed to devise a suitable solution. That is why, in this paper, we propose to utilize machine learning and data mining accompanied by hierarchical organization of frequent sets to detect network covert channels, both distributed and undistributed. The obtained experimental results prove that the proposed approach is effective and efficient.

Keywords: Distributed Network Covert Channels (DNCCs), Network Security, Information Hiding, Data mining, Machine Learning

 

+: Corresponding author: Krzysztof Cabaj
Department of Electronics and Information Technology, Institute of Computer Science, Nowowiejska 15/19, 00-65 Warsaw, Poland, Tel: +48-22-234-77-11

 

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 12, No. 1, pp. 20-43, March 2021

Received: December 29, 2020; Accepted: February 18, 2021; Published: March 31, 2021

DOI: 10.22667/JOWUA.2021.03.31.020