Entropy-based analyzing anomaly WEB traffic

Cited by: 2
Authors
Nasseralfoghara, Mehrdad [1 ]
Hamidi, HamidReza [1 ]
Affiliations
[1] Imam Khomeini Int Univ, Fac Engn, Qazvin, Iran
Keywords
Information security; covert channel; timing channel; WEB; entropy; TIMING CHANNELS; COVERT CHANNEL; ROBUST;
DOI
10.3233/JHS-200642
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
The application-layer nature of the HTTP protocol allows a covert timing channel to be built on different features (or levels) of the protocol, a possibility not addressed in previous research. In this article, an entropy-based detection method is designed and implemented. The attacker can adjust the channel's entropy by measures such as changing the channel's level or adding noise to the channel in order to evade the analyzer's detection; as a result, the entropy threshold for detection is not constant. By comparing the entropy at different levels of the channel and of the analyzer, we conclude that the analyzer must inspect traffic at all possible levels. We also show that adding noise to a covert channel decreases its capacity, but because its entropy increases, the channel becomes harder to detect.
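The following simulation is an added example and not the authors' implementation: it models the two effects the abstract describes (an entropy-based analyzer that bins inter-request delays, and an attacker who adds noise to raise the channel's entropy at the cost of capacity). The two-symbol timing channel (bit 0 = short delay, bit 1 = long delay), the delay values, the 0.02 s histogram bin, the 0.5 x baseline detection rule and the exponential "normal" traffic are all assumptions made for the demonstration; the traffic is constructed with a seeded RNG.

```python
"""Entropy-based detection of an HTTP covert timing channel, with a noise experiment.

Added example, not the paper's code. Assumes a two-symbol timing channel
(bit 0 = short delay, bit 1 = long delay), an analyzer that bins the delays
and computes Shannon entropy, and exponential inter-request delays as the
constructed model of normal traffic.
"""
import math
import random
from collections import Counter

SHORT, LONG = 0.05, 0.20   # assumed inter-request delays (s) for bit 0 / bit 1
BIN_WIDTH = 0.02           # assumed histogram bin width used by the analyzer


def covert_delays(bits, noise, rng):
    """Sender side: nominal delay per bit plus attacker-added jitter in [0, noise].
    Noise can only add delay; the sender cannot issue a request before it is due."""
    return [(LONG if b else SHORT) + rng.uniform(0.0, noise) for b in bits]


def decode(delays):
    """Receiver side. Because noise only adds delay, anything below LONG must be a 0;
    LONG or more is read as 1, so a short delay pushed past LONG becomes a bit error."""
    return [1 if d >= LONG else 0 for d in delays]


def legit_delays(n, mean, rng):
    """Constructed 'normal' traffic: exponential (Poisson-process) inter-request delays."""
    return [rng.expovariate(1.0 / mean) for _ in range(n)]


def shannon_entropy(delays, bin_width=BIN_WIDTH):
    """Entropy (bits) of the delay histogram: the analyzer's detection feature."""
    n = len(delays)
    counts = Counter(math.floor(d / bin_width) for d in delays)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def binary_entropy(p):
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def capacity_bps(bits, delays):
    """Channel throughput modelled as a binary symmetric channel:
    (1 - H(BER)) bits per symbol times symbols per second. Returns (bps, BER)."""
    decoded = decode(delays)
    ber = sum(b != d for b, d in zip(bits, decoded)) / len(bits)
    symbols_per_second = len(delays) / sum(delays)
    return (1.0 - binary_entropy(ber)) * symbols_per_second, ber


def is_anomalous(entropy, baseline_entropy, factor=0.5):
    """Assumed detection rule: flag a flow whose delay entropy is far below the
    entropy of normal traffic measured at the same level (here: factor x baseline)."""
    return entropy < factor * baseline_entropy


def experiment(noise, n_bits=512, seed=7):
    """Run one covert flow with the given noise amplitude (seconds).
    Returns (entropy_bits, capacity_bps, ber, flagged)."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    delays = covert_delays(bits, noise, rng)
    # Baseline: constructed normal traffic with the same mean inter-request delay.
    baseline = shannon_entropy(
        legit_delays(n_bits, (SHORT + LONG) / 2, random.Random(seed + 1)))
    cap, ber = capacity_bps(bits, delays)
    ent = shannon_entropy(delays)
    return ent, cap, ber, is_anomalous(ent, baseline)


if __name__ == "__main__":
    for noise in (0.0, 0.20):
        ent, cap, ber, flagged = experiment(noise)
        print(f"noise={noise:.2f}s  entropy={ent:.2f} bits  "
              f"capacity={cap:.2f} bps  BER={ber:.3f}  flagged={flagged}")
```

Without noise the covert flow uses only two delay values, so its entropy cannot exceed 1 bit and it sits far below the baseline and is flagged; with 0.2 s of added jitter the delays spread over many bins, the entropy rises to the region of normal traffic and the fixed-factor rule no longer fires, while the bit error rate and the lower symbol rate cut the capacity to a fraction of the noiseless value. This is the trade-off the abstract states, and it is why a single fixed entropy threshold is not sufficient.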
Pages: 255-266
Page count: 12
References
36 references in total
[1] Ahn T.S., 2016, 8th Int. Conf. on Ubiquitous and Future Networks (ICUFN), DOI 10.1109/ICUFN.2016.7537071
[2] Archibald R., 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), P970, DOI 10.1109/TrustCom.2012.21
[3] Berk V., 2005, Technical Report TR536, Dartmouth College, P19
[4] Beyrami B., 2014, J ELECTRON CYBER DEF, V2, P13
[5] Brown E., 2010, Proceedings of the 5th International Conference on Information Warfare and Security, P56
[6] Cabuk S., 2004, Proc. 11th ACM Conf. on Computer and Communications Security, P178, DOI 10.1145/1030083.1030108
[7] Cabuk S., Brodley C.E., Shields C., 2009, IP Covert Channel Detection, ACM Transactions on Information and System Security, V12, I4
[8] Carrara B., 2016, IHMMSec'16, P115, DOI 10.1145/2909827
[9] Chen A., 2014, 13 USENIX S OP SYST, V14
[10] Coleman T.P., Kiyavash N., 2008, Practical codes for queueing channels: An algebraic, state-space, message-passing approach, 2008 IEEE Information Theory Workshop, P318