Research Summaries

Network Traffic Covert Channel Detection and Mitigation

Fiscal Year: 2020
Division: Research & Sponsored Programs
Department: NPS Naval Research Program
Investigator(s): Monaco, John V.; Singh, Gurminder
Sponsor: NPS Naval Research Program (Navy)
Summary: This project will leverage emerging machine learning techniques to detect covert and side channels in a network. With the intent of avoiding detection, covert channels are commonly used by adversaries to steal private information or to exfiltrate data from within a network after a system has been compromised. Unintended information leakage can occur when either user or device behavior manifests in network traffic, enabling reconnaissance through, e.g., remote device fingerprinting. The proposed work will develop techniques to detect and mitigate such instances of information leakage. Covert channel detection will be addressed within an anomaly detection framework, and sequence models will be leveraged for this purpose. Information theoretic functions will measure covert channel capacity. Mitigations will be investigated, such as techniques to introduce perturbations to packet time, size, or structure to degrade covert channel capacity.
Keywords: Anomaly, Cyber, Netflow, machine learning
Publications: Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal.