The Center for Education and Research in Information Assurance and Security (CERIAS)

Real-time Covert Timing Channels Detection in a Networked Virtual Environment

Research Areas: Network Security

Principal Investigator: Anyi Liu

Despite extensive research on malware and Trojan horses, covert channels remain one of the top threats in computer security. These attacks, launched through specially crafted content or by manipulating timing characteristics, transmit inside credentials to adversaries while their behavior remains undetected. Current research efforts in this area model the statistics of legitimate network traffic in order to detect the existence of malicious insiders or Trojan horses. These efforts, however, are not applicable to highly dynamic and noisy environments, such as cloud computing environments, because their approaches rely heavily on historic traffic or tedious model training. To address such concerns, we propose in this project a real-time, wavelet-based approach to detect covert timing channels (CTC). The novelty of our approach comes from not only leveraging a secure virtual machine (VM) to mimic the vulnerable virtual machine. Our approach for detection is general enough to detect CTC and does not require access to historic traffic. Experimental results and evaluation show the merits of our approach for CTC detection in terms of overall performance, including a high detection rate and a low false positive rate.
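The following sketch illustrates the general idea of comparing a suspect VM's packet timing against a reference VM at several wavelet scales, without any historic traffic model. It is an added example, not the project's implementation: the Haar wavelet, the per-level energy-ratio rule, the threshold, and all traces (constructed inline) are assumptions chosen for illustration.

```python
import math
import random

def haar_detail_energy(ipds, levels):
    """Mean energy of the Haar detail coefficients per level, finest scale first."""
    approx, energies = list(ipds), []
    for _ in range(levels):
        pairs = list(zip(approx[0::2], approx[1::2]))
        if not pairs:
            break
        detail = [(a - b) / math.sqrt(2) for a, b in pairs]
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
        energies.append(sum(d * d for d in detail) / len(detail))
    return energies

def level_log_ratios(reference_ipds, suspect_ipds, levels=4):
    """|log(suspect energy / reference energy)| at each wavelet level."""
    eps = 1e-15  # avoids log(0) on perfectly regular traffic
    ref = haar_detail_energy(reference_ipds, levels)
    sus = haar_detail_energy(suspect_ipds, levels)
    return [abs(math.log((s + eps) / (r + eps))) for r, s in zip(ref, sus)]

def looks_covert(reference_ipds, suspect_ipds, threshold=1.5):
    """Flag the suspect stream if any scale deviates beyond the (assumed) threshold."""
    return max(level_log_ratios(reference_ipds, suspect_ipds)) > threshold

def constructed_trace(seed, bits=None, n=1024, hold=4):
    """Constructed sample: 20 ms inter-packet delays with 2 ms Gaussian jitter."""
    rng = random.Random(seed)
    trace = []
    for i in range(n):
        ipd = 0.020 + rng.gauss(0.0, 0.002)
        if bits and bits[(i // hold) % len(bits)]:
            ipd += 0.020  # a '1' symbol stretches the delay for `hold` packets
        trace.append(ipd)
    return trace

# Constructed inputs: reference VM, a benign VM, and a VM whose timing carries bits.
REFERENCE = constructed_trace(seed=1)
BENIGN = constructed_trace(seed=2)
COVERT = constructed_trace(seed=3, bits=[1, 0, 1, 1, 0, 0, 1, 0])

if __name__ == "__main__":
    print("benign :", [round(r, 2) for r in level_log_ratios(REFERENCE, BENIGN)])
    print("covert :", [round(r, 2) for r in level_log_ratios(REFERENCE, COVERT)])
```

Because each constructed symbol is held for four packets, the two finest levels look like ordinary jitter and the deviation only appears from the third level on, which is the case a single-scale variance check would miss.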

Personnel

Students: Sashidar Avula

Representative Publications

Keywords: Covert Timing Channel (CTC), Discrete Wavelet-based Multi-resolution Transformation (DWMT), information security, intrusion detection