Detecting covert timing channels using non-parametric statistical approaches

Extensive availability and development of Internet applications and services open up the opportunity for abusing network and Internet resources to distribute malicious data and leak sensitive information. One of the prevalent information-hiding approaches suitable for such activities is known as Covert Timing Channel (CTC), which utilizes the modulation of Inter-Packet Delays (IPDs) to embed secret data and transfers that to designated receivers. In this paper, we propose two different non-parametric statistical tests that can be employed to detect this type of covert communication activities over a network. The new detection metrics are evaluated and verified against four different and highly recognized CTC algorithms. The experimental results show that the proposed detection metrics can reliably and effectively distinguish between the covert and overt traffic flows, thus significantly supporting our research toward an accurate blind and comprehensive CTC detection. This is a capability vital to cyber security in today´s information society.