Skip to main content
SpringerLink
Log in

Performance Analysis of Real-Time Covert Timing Channel Detection Using a Parallel System

  • Conference paper
  • First Online:
Network and System Security (NSS 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9408))

Included in the following conference series:

Abstract

As network data rates continue to increase, implementing real-time network security applications requires a scalable computing platform. Multicore and manycore parallel processing systems provide a way to scale network security applications. The focus of this study are network covert timing channels (CTCs) that provide secret communication between hosts by modulating the inter-packet delays of an overt application. In this paper, we present an implementation of a parallel CTC detection tool in a Massively Parallel Processing Array (MPPA) architecture. We examine the effectiveness of our tool for detecting model-based CTCs using parallel implementation of four common detection techniques, namely, the Kullback-Liebler Divergence (KLD), Kolmogorov-Smirnov (K-S), regularity and first order entropy tests. We evaluate the performance of the algorithms using classification rates and study the scalability by varying the number of cores. Results show that while parallelization provides benefit, the scalability is limited by the memory available in each core and the ability to stream in large number of flows to different cores.

This research was supported by NSF grant CNS-1018886.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Archibald, R., Ghosal, D.: A comparative analysis of detection metrics for covert timing channels. Computers & Security (2014)

    Google Scholar 

  2. Cabuk, S.: Network covert channels: Design, analysis, detection, and elimination. Ph.D. dissertation, Purdue University, West Lafayette (2006)

    Google Scholar 

  3. Cabuk, S., Brodley, C., Shields, C.: IP covert timing channels: design and detection. In: Proceedings of the 2004 ACM Conference on Computer and Communications Security (2004)

    Google Scholar 

  4. Caetano, M., Vieira, P., Bordim, J., Barreto, P.: International journal of computer science and network security. International Journal of Computer Science and Network Security 10, 13–20 (2010)

    Google Scholar 

  5. Gianvecchio, S., Wang, H.: An entropy-based approach to detecting covertchannels. In: IEEE Transactions on Dependable and Secure Computing, Vol. 8(6) (2011)

    Google Scholar 

  6. Hu, W.-M.: Reducing timing channels with fuzzy time. Journal of Computer Security 1.3, 233–254 (1992)

    Google Scholar 

  7. Kang, M.H., Moskowitz, I., Chincheck, S.: The pump: a decade of covert fun. Computer Security Applications Conference, 21st Annual. IEEE (2005)

    Google Scholar 

  8. Kolosovskiy, M.: Simple implementation of deletion from open-address hash table. arXiv preprint arXiv:0909.2547 (2009)

  9. Kothari, K.: Mimic: an active covert channel that evades regularity-based detection. Comput. Netw. 57(3) (2013)

    Google Scholar 

  10. Lee, K.S., Wang, H., Weatherspoon, H.: Phy covert channel: can you see the idles. In: USENIX symposium on Networked Systems Design and Implementation (NSDI), April 2014

    Google Scholar 

  11. Matta, I., Guo, L.: Differentiated predictive fair service for tcp flows. In: Proc. ICNP 2000, Osaka, Japan, November 2000

    Google Scholar 

  12. Psounis, K., Ghosh, A., Prabhakar, B., Wang, G.: Sift: A simple algorithm for tracking elephant flows, and taking advantage of power laws. In: 43rd Allerton Conference on Communication, Control and Computing (2005)

    Google Scholar 

  13. Schultz, M., Crowley, P.: Performance analysis of packet capture methods in a 10 gbps virtualized environment. In: 2012 21st International Conference on Computer Communications and Networks (ICCCN). IEEE (2012)

    Google Scholar 

  14. tcpreplay developers. tcpreplay website (2014). http://tcpreplay.synfin.net/trac/wiki/tcpreplay

  15. Thyer, J.S.: Covert data storage channel using ip packet headers. SANS Institute (2008)

    Google Scholar 

  16. Tilera. Tilera tilepro64 overview (2014). http://www.tilera.com/sites/default/files/productbriefs/

  17. CAIDA. CAIDA Data (2014) http://www.caida.org/data/overview/

  18. Gegan, R.: Parallelized Real-Time Covert Timing Channel Detection. Master’s Thesis, Computer Science Department University of California, Davis (2015)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of California, Davis, Davis, CA, 95616, USA

    Ross K. Gegan, Matthew K. Farrens & Dipak Ghosal

  2. AT&T Labs, 2600 Camino Ramon, San Ramon, CA, 94583, USA

    Rennie Archibald

Authors
  1. Ross K. Gegan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rennie Archibald
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Matthew K. Farrens
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dipak Ghosal
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ross K. Gegan .

Editor information

Editors and Affiliations

  1. Apt. 2A, NEW YORK, New York, USA

    Meikang Qiu

  2. University of Texas, San Antonio, Texas, USA

    Shouhuai Xu

  3. Dept. of Computer Science, Columbia University, New York, New York, USA

    Moti Yung

  4. University of Otago, Dunedin, New Zealand

    Haibo Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Gegan, R.K., Archibald, R., Farrens, M.K., Ghosal, D. (2015). Performance Analysis of Real-Time Covert Timing Channel Detection Using a Parallel System. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science(), vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_40

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-25645-0_40

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25644-3

  • Online ISBN: 978-3-319-25645-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation