Abstract
As network data rates continue to increase, implementing real-time network security applications requires a scalable computing platform. Multicore and manycore parallel processing systems provide a way to scale network security applications. The focus of this study are network covert timing channels (CTCs) that provide secret communication between hosts by modulating the inter-packet delays of an overt application. In this paper, we present an implementation of a parallel CTC detection tool in a Massively Parallel Processing Array (MPPA) architecture. We examine the effectiveness of our tool for detecting model-based CTCs using parallel implementation of four common detection techniques, namely, the Kullback-Liebler Divergence (KLD), Kolmogorov-Smirnov (K-S), regularity and first order entropy tests. We evaluate the performance of the algorithms using classification rates and study the scalability by varying the number of cores. Results show that while parallelization provides benefit, the scalability is limited by the memory available in each core and the ability to stream in large number of flows to different cores.
This research was supported by NSF grant CNS-1018886.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Archibald, R., Ghosal, D.: A comparative analysis of detection metrics for covert timing channels. Computers & Security (2014)
Cabuk, S.: Network covert channels: Design, analysis, detection, and elimination. Ph.D. dissertation, Purdue University, West Lafayette (2006)
Cabuk, S., Brodley, C., Shields, C.: IP covert timing channels: design and detection. In: Proceedings of the 2004 ACM Conference on Computer and Communications Security (2004)
Caetano, M., Vieira, P., Bordim, J., Barreto, P.: International journal of computer science and network security. International Journal of Computer Science and Network Security 10, 13–20 (2010)
Gianvecchio, S., Wang, H.: An entropy-based approach to detecting covertchannels. In: IEEE Transactions on Dependable and Secure Computing, Vol. 8(6) (2011)
Hu, W.-M.: Reducing timing channels with fuzzy time. Journal of Computer Security 1.3, 233–254 (1992)
Kang, M.H., Moskowitz, I., Chincheck, S.: The pump: a decade of covert fun. Computer Security Applications Conference, 21st Annual. IEEE (2005)
Kolosovskiy, M.: Simple implementation of deletion from open-address hash table. arXiv preprint arXiv:0909.2547 (2009)
Kothari, K.: Mimic: an active covert channel that evades regularity-based detection. Comput. Netw. 57(3) (2013)
Lee, K.S., Wang, H., Weatherspoon, H.: Phy covert channel: can you see the idles. In: USENIX symposium on Networked Systems Design and Implementation (NSDI), April 2014
Matta, I., Guo, L.: Differentiated predictive fair service for tcp flows. In: Proc. ICNP 2000, Osaka, Japan, November 2000
Psounis, K., Ghosh, A., Prabhakar, B., Wang, G.: Sift: A simple algorithm for tracking elephant flows, and taking advantage of power laws. In: 43rd Allerton Conference on Communication, Control and Computing (2005)
Schultz, M., Crowley, P.: Performance analysis of packet capture methods in a 10 gbps virtualized environment. In: 2012 21st International Conference on Computer Communications and Networks (ICCCN). IEEE (2012)
tcpreplay developers. tcpreplay website (2014). http://tcpreplay.synfin.net/trac/wiki/tcpreplay
Thyer, J.S.: Covert data storage channel using ip packet headers. SANS Institute (2008)
Tilera. Tilera tilepro64 overview (2014). http://www.tilera.com/sites/default/files/productbriefs/
CAIDA. CAIDA Data (2014) http://www.caida.org/data/overview/
Gegan, R.: Parallelized Real-Time Covert Timing Channel Detection. Master’s Thesis, Computer Science Department University of California, Davis (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Gegan, R.K., Archibald, R., Farrens, M.K., Ghosal, D. (2015). Performance Analysis of Real-Time Covert Timing Channel Detection Using a Parallel System. In: Qiu, M., Xu, S., Yung, M., Zhang, H. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science(), vol 9408. Springer, Cham. https://doi.org/10.1007/978-3-319-25645-0_40
Download citation
DOI: https://doi.org/10.1007/978-3-319-25645-0_40
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25644-3
Online ISBN: 978-3-319-25645-0
eBook Packages: Computer ScienceComputer Science (R0)