• DocumentCode
    1338884
  • Title

    An Entropy-Based Approach to Detecting Covert Timing Channels

  • Author

    Gianvecchio, Steven ; Wang, Haining

  • Author_Institution
    Dept. of Comput. Sci., Coll. of William & Mary, Williamsburg, VA, USA
  • Volume
    8
  • Issue
    6
  • fYear
    2011
  • Firstpage
    785
  • Lastpage
    797
  • Abstract
    The detection of covert timing channels is of increasing interest in light of recent exploits of covert timing channels over the Internet. However, due to the high variation in legitimate network traffic, detecting covert timing channels is a challenging task. Existing detection schemes are ineffective at detecting most of the covert timing channels known to the security community. In this paper, we introduce a new entropy-based approach to detecting various covert timing channels. Our new approach is based on the observation that the creation of a covert timing channel has certain effects on the entropy of the original process, and hence, a change in the entropy of a process provides a critical clue for covert timing channel detection. Exploiting this observation, we investigate the use of entropy and conditional entropy in detecting covert timing channels. Our experimental results show that our entropy-based approach is sensitive to the current covert timing channels and is capable of detecting them in an accurate manner.
  • Keywords
    Internet; computer network security; entropy; telecommunication traffic; Internet; computer network security; covert timing channel detection; entropy-based detection; network traffic; Distribution functions; Entropy; Network security; Random variables; Timing; Watermarking; Network security; covert timing channels; entropy-based detection.;
  • fLanguage
    English
  • Journal_Title
    Dependable and Secure Computing, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    1545-5971
  • Type

    jour

  • DOI
    10.1109/TDSC.2010.46
  • Filename
    5590253