AUTOMATIC DETECTION OF ILLEGAL TRANSMISSION IN A NETWORK (Covert Timing Channels An Entropy Approach)

An effective way to capturing data from a well-protected network, a covert timing channel manipulates the timing or ordering of network events like packet arrivals for secured information transfer over the Intranet, even without compromising an end-host within the network. On one hand, such information leakage caused by various covert timing channels poses a serious malwares to Internet users. On the other hand, detecting covert timing channels is a well known challenging task in the security community. Generally, the detection of illegal transmission channels uses statistical progress to differentiate covert traffic from legitimate traffic. However, due to the high variation in legitimate network traffic, detection methods based on standard statistical progress are not accurate and to motivate in capturing a covert timing channel. Although there have been recent research efforts on detecting covert timing channels over the Ftp protocol. Some covert channel detection methods are designed to target one specific covert timing channel, and therefore, fail to detect other types of covert timing channels. The other detection methods are broader in detection but are oversensitive to the high variation of network traffic. In short, none of the previous detection methodologies are effective at detecting a variety of covert timing channels Entropy Approach Detect in accurate manner.