A generalized detection framework for covert timing channels based on perceptual hashing

Abstract

AbstractNetwork covert channels use network resources to transmit data covertly, and their existence will seriously threaten network security. Therefore, an effective method is needed to prevent and detect them. Current network covert timing channel detection methods often incorporate machine learning methods in order to achieve generalized detection, but they consume a large amount of computational resources. In this paper, we propose a generalized detection framework for covert channels based on perceptual hashing without relying on machine learning methods. And we propose a one‐dimensional data feature descriptor for feature extraction of perceptual hash for the data characteristics of covert timing channels. We first generate the hash sequence of the corresponding channel to get the average hash, which is used for comparison in the test phase. The experimental results show that the feature descriptor can capture the feature differences of one‐dimensional data well. When compared to machine learning methods, this perceptual hashing algorithms enable faster traffic detection. Meanwhile, our method is able to detect the effectiveness with the smallest coverage window compared with the latest solutions. Moreover, it exhibits robustness in jitter network environment.