By Topic

Engineering Statistical Behaviors for Attacking and Defending Covert Channels

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Valentino Crespi ; Department of Computer Science, CSULA, Los Angeles, CA, USA ; George Cybenko ; Annarita Giani

This paper develops techniques for attacking and defending behavioral anomaly detection methods commonly used in network traffic analysis and covert channels. The main new result is our demonstration of how to use a behavior's or process' k-order statistics to build a stochastic process that has the same k-order stationary statistics but possesses different, deliberately designed, (k+1) -order statistics if desired. Such a model realizes a “complexification” of the process or behavior which a defender can use to monitor whether an attacker is shaping the behavior. We also describe a source coding technique that respects the k -order statistics, including entropy which is a first order statistic for example, of a process while encoding information covertly, and we show how to achieve optimizing information rates. Although the main results and examples are stated in terms of behavioral anomaly detection for covert channels, the techniques are more generally applicable to behavioral anomaly analysis. One fundamental consequence of these results is that certain types of behavioral anomaly detection techniques come down to an arms race in the sense that the advantage goes to the party that has more computing resources applied to the problem.

Published in:

IEEE Journal of Selected Topics in Signal Processing  (Volume:7 ,  Issue: 1 )