Entropy Based Detection And Behavioral Analysis Of Hybrid Covert Channeling Secured Communication

TL;DR

This paper proposes an entropy-based method to detect and analyze hybrid covert channels in network security, addressing the challenge of identifying multiple simultaneous covert schemes within protocol layers.

Contribution

It introduces a novel entropy-based detection approach for hybrid covert channels and models attack scenarios to improve detection accuracy.

Findings

Entropy metrics can effectively identify hybrid covert channels.

Hybrid channels pose detection challenges due to multiple covert schemes.

Proposed model enhances understanding of covert mediums and attack scenarios.

Abstract

Covert channels is a vital setup in the analysing the strength of security in a network.Covert Channel is illegitimate channelling over the secured channel and establishes a malicious conversation.The trapdoor set in such channels proliferates making covert channel sophisticated to detect their presence in network firewall.This is due to the intricate covert scheme that enables to build robust covert channel over the network.From an attacker's perspective this will ameliorate by placing multiple such trapdoors in different protocols in the rudimentary protocol stack. This leads to a unique scenario of Hybrid Covert Channel, where different covert channel trapdoors exist at the same instance of time in same layer of protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert channel scenario it is required to explore all possible clandestine mediums used in the formation of such channels. This can be explored by different schemes available and their entropy impact on hybrid covert channel. The environment can be composed of resources and subject under at-tack and subject which have initiated the attack (attacker). The paper sets itself an objective to understand the different covert schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for detection.