Entry Cabuk:2009:ICC from tissec.bib
Last update: Sun Oct 15 02:58:48 MDT 2017
Top |
Symbols |
Numbers |
Math |
A |
B |
C |
D |
E |
F |
G |
H |
I |
J |
K |
L |
M |
N |
O |
P |
Q |
R |
S |
T |
U |
V |
W |
X |
Y |
Z
BibTeX entry
@Article{Cabuk:2009:ICC,
author = "Serdar Cabuk and Carla E. Brodley and Clay Shields",
title = "{IP} Covert Channel Detection",
journal = j-TISSEC,
volume = "12",
number = "4",
pages = "22:1--22:29",
month = apr,
year = "2009",
CODEN = "ATISBQ",
DOI = "https://doi.org/10.1145/1513601.1513604",
ISSN = "1094-9224 (print), 1557-7406 (electronic)",
ISSN-L = "1094-9224",
bibdate = "Thu May 14 13:53:50 MDT 2009",
bibsource = "http://portal.acm.org/;
http://www.math.utah.edu/pub/tex/bib/tissec.bib",
abstract = "A covert channel can occur when an attacker finds and
exploits a shared resource that is not designed to be a
communication mechanism. A network covert channel
operates by altering the timing of otherwise legitimate
network traffic so that the arrival times of packets
encode confidential data that an attacker wants to
exfiltrate from a secure area from which she has no
other means of communication. In this article, we
present the first public implementation of an IP covert
channel, discuss the subtle issues that arose in its
design, and present a discussion on its efficacy. We
then show that an IP covert channel can be
differentiated from legitimate channels and present new
detection measures that provide detection rates over
95\%. We next take the simple step an attacker would of
adding noise to the channel to attempt to conceal the
covert communication. For these noisy IP covert timing
channels, we show that our online detection measures
can fail to identify the covert channel for noise
levels higher than 10\%. We then provide effective
offline search mechanisms that identify the noisy
channels.",
acknowledgement = ack-nhfb,
articleno = "22",
fjournal = "ACM Transactions on Information and System Security",
journal-URL = "http://portal.acm.org/browse_dl.cfm?idx=J789",
keywords = "channel detection; information hiding; network covert
channels",
}
Related entries
- adding,
12(3)18,
13(4)30,
16(2)6
- altering,
12(2)8
- area,
12(2)8,
14(1)13,
14(1)14,
15(3)12,
17(4)16,
18(2)7
- article,
10(1)3,
11(1)3,
11(1)4,
11(2)5,
11(3)12,
11(3)14,
11(3)15,
11(3)16,
11(4)20,
11(4)22,
11(4)23,
12(1)1,
12(1)2,
12(1)4,
12(1)6,
12(2)8,
12(2)10,
12(2)13,
12(3)14,
12(3)16,
12(3)17,
12(3)19,
12(4)21,
13(3)22,
13(3)24,
13(3)25,
13(3)27,
13(3)28,
13(4)29,
13(4)31,
13(4)32,
13(4)34,
13(4)36,
13(4)41,
14(1)2,
14(1)3,
14(1)4,
14(1)10,
14(1)13,
14(1)14,
14(3)23,
14(3)25,
14(4)30,
15(2)9,
15(2)10,
15(3)11,
15(3)12,
15(3)13,
15(4)15,
15(4)16,
15(4)17,
16(1)1,
16(1)4,
16(2)6,
16(2)7,
16(2)8,
16(3)10,
16(4)14,
16(4)15,
17(2)8,
17(3)9,
17(3)11,
17(3)12,
17(4)13,
17(4)16,
18(1)3,
18(2)5,
18(2)7,
18(3)9,
18(3)10,
18(3)11,
18(4)12,
18(4)14
- attacker,
2(2)159,
8(1)78,
10(1)4,
10(4)3,
10(4)6,
11(3)12,
11(3)15,
12(1)4,
12(2)12,
12(3)17,
13(4)37,
14(1)7,
14(1)13,
14(4)31,
15(1)2,
15(4)16,
17(2)8,
17(3)11,
17(4)13,
17(4)16,
18(1)1,
18(2)7,
18(4)13
- attempt,
11(4)19,
12(1)5,
12(2)11,
12(2)12,
13(4)41,
14(3)27,
15(3)12,
17(4)16,
18(3)9
- Brodley, Carla E.,
2(3)295
- channel,
12(3)17,
15(2)7,
17(2)8,
17(3)9,
17(3)12,
18(1)4
- communication,
4(3)289,
4(4)371,
7(4)523,
10(3)9,
10(4)6,
11(1)2,
11(2)2,
11(2)3,
11(3)14,
11(4)18,
12(1)2,
12(3)15,
12(3)16,
12(4)21,
13(1)8,
13(4)29,
14(1)4,
14(1)12,
15(1)5,
15(2)6,
15(2)7,
15(2)9,
15(3)14,
16(3)10,
16(4)15,
17(1)4,
17(3)9,
18(2)5,
18(2)7
- conceal,
12(2)13
- confidential,
11(2)2,
12(3)17
- design,
1(1)66,
2(1)34,
2(1)105,
2(2)138,
2(3)269,
2(4)390,
2(4)416,
10(2)7,
10(3)11,
10(4)1,
11(1)2,
11(2)1,
11(4)18,
11(4)23,
12(1)3,
12(2)8,
12(2)11,
12(3)17,
12(4)20,
13(1)10,
13(4)29,
13(4)32,
14(1)8,
14(3)24,
15(3)13,
16(2)5,
16(2)6,
16(2)8,
16(4)16,
17(1)4,
17(2)7,
17(2)8,
17(4)13,
18(1)1,
18(1)3,
18(4)12
- designed,
2(4)416,
10(3)10,
10(3)11,
10(3)12,
11(1)2,
11(3)12,
12(4)21,
13(3)25,
13(4)38,
16(2)5,
16(2)8,
16(3)9,
16(3)10,
16(4)14,
17(4)13,
18(1)3
- detection,
2(2)159,
2(3)295,
3(1)1,
3(3)186,
3(4)227,
3(4)262,
4(4)407,
5(3)203,
6(2)173,
6(4)443,
7(4)591,
9(1)61,
10(1)4,
11(2)2,
11(3)12,
11(3)15,
11(4)19,
11(4)20,
12(2)11,
12(2)12,
12(2)13,
13(2)12,
13(4)30,
14(1)13,
14(3)27,
15(2)6,
15(3)11,
15(4)17,
17(4)13,
17(4)15,
18(1)2,
18(2)7,
18(3)9
- discuss,
2(1)105,
10(2)5,
10(2)8,
11(1)2,
11(2)1,
12(4)20,
13(3)22,
13(3)25,
13(4)35,
14(3)24,
17(1)3,
18(2)7
- discussion,
17(1)4
- effective,
2(3)269,
9(2)113,
9(4)391,
10(1)4,
11(3)12,
11(4)22,
12(2)10,
12(2)13,
15(3)12,
15(4)16,
17(1)3,
17(4)13,
18(1)1,
18(4)12
- efficacy,
12(2)13,
13(4)35,
15(1)5,
18(3)11
- encode,
2(3)295,
15(1)4
- exploit,
2(4)416,
12(1)1,
12(2)11,
13(3)28,
15(1)2,
16(4)13,
17(1)1,
17(3)11
- fail,
11(2)3,
12(2)8,
13(3)25,
16(2)5,
17(3)9
- find,
10(1)4,
12(1)3,
12(1)6,
12(2)10,
15(1)5,
15(4)18,
16(2)8,
17(3)11,
17(4)13,
18(3)10,
18(4)12
- first,
2(1)34,
2(1)105,
2(4)354,
9(2)181,
10(4)6,
11(2)3,
11(2)4,
11(3)13,
11(4)18,
11(4)22,
12(1)3,
12(1)5,
12(3)18,
13(4)31,
13(4)32,
14(1)13,
14(3)25,
14(4)30,
14(4)31,
15(4)17,
15(4)18,
16(3)10,
17(1)4,
17(2)6,
17(3)11,
18(1)4,
18(3)9,
18(4)12,
18(4)13
- has,
1(1)93,
2(1)105,
2(2)138,
2(3)230,
2(3)269,
2(3)332,
9(4)391,
10(1)3,
10(1)4,
10(3)10,
11(1)2,
11(2)2,
11(3)14,
11(4)17,
11(4)19,
11(4)22,
11(4)23,
12(1)2,
12(2)9,
12(2)10,
12(3)15,
13(3)20,
13(3)25,
13(3)26,
13(3)27,
13(3)28,
13(4)36,
14(1)3,
14(1)12,
14(1)14,
14(3)26,
14(4)28,
15(1)2,
15(2)6,
15(2)10,
15(3)12,
16(2)8,
16(4)14,
17(1)2,
17(1)3,
17(3)9,
17(3)11,
17(4)14,
17(4)15,
17(4)16,
18(2)7,
18(3)11,
18(4)14
- hiding,
17(1)4
- higher,
14(1)7,
17(3)12
- identify,
11(2)2,
11(3)12,
11(3)15,
11(3)16,
11(4)18,
11(4)20,
12(1)4,
12(4)20,
13(4)35,
14(1)13,
15(4)18,
16(2)7,
17(4)13,
18(4)13
- implementation,
1(1)3,
1(1)26,
1(1)66,
2(1)34,
2(2)177,
2(4)390,
2(4)416,
7(2)319,
11(1)2,
11(1)3,
11(1)4,
11(3)16,
11(4)18,
11(4)22,
12(1)1,
12(2)10,
12(2)11,
12(3)14,
13(1)4,
13(3)26,
13(3)27,
14(1)3,
15(1)3,
15(2)8,
15(3)13,
15(4)16,
16(1)1,
16(1)2,
16(3)9,
16(3)10,
16(3)11,
16(4)13,
17(2)5,
17(2)8,
18(1)2,
18(1)3,
18(1)4
- IP,
5(2)119,
10(3)9,
10(3)11,
13(4)35,
15(2)6,
15(4)16,
16(4)14
- issue,
1(1)66,
2(1)65,
2(4)354,
8(4)349,
10(1)1,
10(3)12,
11(1)2,
12(1)5,
12(2)7,
12(3)15,
13(1)1,
13(2)11,
13(3)22,
13(3)26,
13(4)32,
15(1)1,
15(2)7,
16(2)7,
16(3)12,
17(1)1,
17(1)2
- legitimate,
11(2)5,
14(1)2,
15(4)16,
16(4)13,
16(4)16
- level,
2(1)34,
2(3)269,
2(3)332,
10(1)2,
10(1)4,
11(4)18,
12(1)4,
12(2)8,
15(2)7,
15(3)12
- mean,
1(1)26,
2(1)34,
2(3)230,
10(3)10,
11(2)2,
14(1)5,
14(3)27,
15(3)12,
16(2)8,
18(4)14
- measure,
2(3)269,
2(3)295,
9(2)162,
10(4)5,
11(4)17,
12(3)17,
13(3)22,
13(4)36,
15(1)2,
16(2)6,
17(1)1,
18(1)1,
18(2)5
- mechanism,
2(2)177,
3(1)51,
10(2)8,
10(4)4,
10(4)6,
11(2)5,
11(3)12,
11(3)16,
12(1)4,
12(2)9,
12(2)11,
12(2)13,
12(3)15,
12(3)19,
13(3)21,
13(3)24,
13(3)25,
13(3)28,
13(4)29,
14(1)3,
14(1)11,
14(3)24,
14(3)27,
15(1)5,
15(2)6,
15(2)10,
16(1)3,
16(2)5,
16(3)12,
17(1)3,
17(2)5,
17(3)10,
18(4)14
- new,
1(1)3,
1(1)93,
2(1)105,
2(2)138,
2(3)295,
9(2)181,
9(4)461,
10(1)3,
10(2)6,
10(4)6,
11(4)17,
12(1)2,
12(1)3,
12(2)11,
12(3)14,
12(3)15,
12(3)16,
12(4)21,
13(2)15,
13(4)29,
13(4)34,
14(1)4,
14(1)5,
14(1)6,
14(1)13,
14(3)23,
14(3)27,
14(4)30,
15(1)3,
15(2)7,
15(2)9,
15(2)10,
15(3)12,
15(4)15,
16(2)5,
16(2)7,
16(3)12,
16(4)16,
16(4)17,
17(1)4,
17(2)7,
17(3)10,
17(4)15,
18(1)1,
18(1)2,
18(3)10,
18(3)11
- next,
2(2)138
- noise,
18(4)12
- not,
1(1)26,
2(1)65,
2(2)177,
2(3)230,
2(3)269,
2(4)390,
9(4)421,
10(1)3,
10(4)2,
11(1)3,
11(1)4,
11(2)2,
11(2)4,
11(2)5,
11(3)12,
11(3)13,
11(3)15,
11(3)16,
11(4)19,
11(4)20,
11(4)22,
12(1)1,
12(1)2,
12(1)3,
12(1)6,
12(2)10,
12(2)11,
12(2)13,
12(3)14,
13(1)10,
13(3)28,
13(4)33,
13(4)35,
13(4)36,
13(4)37,
13(4)39,
13(4)40,
14(3)23,
14(3)27,
14(4)28,
14(4)29,
14(4)31,
15(2)6,
15(2)9,
15(2)10,
15(3)12,
15(3)13,
16(1)1,
16(2)5,
16(2)6,
16(3)9,
16(3)12,
16(4)13,
16(4)15,
16(4)16,
17(1)2,
17(3)10,
17(4)15,
18(1)1,
18(3)9,
18(4)13
- occur,
10(3)12
- offline,
18(1)1
- online,
1(1)3,
9(3)235,
11(2)5,
11(4)19,
12(2)13,
13(4)41,
14(1)11,
14(4)32,
15(2)9,
16(2)7,
16(4)14,
17(4)14,
18(1)1,
18(4)13
- operate,
1(1)66,
13(4)30
- other,
1(1)93,
2(4)354,
9(4)461,
10(3)9,
10(3)10,
10(3)11,
10(3)12,
10(4)1,
10(4)5,
11(2)2,
11(2)6,
11(3)15,
11(4)18,
11(4)23,
12(1)3,
12(2)8,
12(2)10,
12(3)14,
12(3)17,
13(3)24,
13(3)25,
13(4)40,
14(3)23,
14(3)27,
14(4)30,
15(1)5,
15(2)6,
15(3)11,
15(3)14,
15(4)15,
16(4)15,
17(2)8,
17(3)9,
18(1)1,
18(1)3,
18(2)6,
18(4)12
- otherwise,
12(3)14,
15(2)10
- packet,
2(3)269,
7(2)319,
11(2)2,
11(3)15,
12(2)10,
12(2)11,
12(2)13,
13(4)35,
14(1)5,
14(1)7,
15(2)6,
15(4)16
- present,
1(1)26,
2(1)3,
2(1)65,
2(2)177,
2(3)230,
2(3)269,
2(3)295,
2(4)354,
7(2)319,
9(2)181,
9(4)461,
10(1)2,
10(2)7,
10(3)10,
10(3)11,
10(3)12,
10(4)2,
10(4)3,
11(1)2,
11(1)4,
11(2)2,
11(2)5,
11(3)14,
11(4)22,
12(1)2,
12(1)4,
12(2)10,
12(2)11,
12(3)14,
12(3)15,
12(3)16,
12(3)17,
13(1)10,
13(3)20,
13(3)22,
13(3)25,
13(3)28,
13(4)29,
13(4)41,
14(1)4,
14(1)5,
14(1)6,
15(1)2,
15(2)6,
15(2)8,
15(2)10,
15(3)12,
15(3)13,
15(4)16,
15(4)18,
16(2)6,
16(2)7,
16(4)13,
16(4)14,
17(1)4,
17(2)6,
17(2)7,
17(2)8,
17(3)9,
17(3)12,
17(4)14,
17(4)15,
17(4)16,
18(1)3,
18(1)4,
18(2)7,
18(3)9,
18(3)10,
18(3)11,
18(4)12,
18(4)14
- provide,
1(1)3,
1(1)93,
2(1)3,
2(1)34,
2(1)65,
2(1)105,
2(3)230,
2(4)390,
7(2)319,
10(1)3,
10(2)8,
10(3)10,
10(4)2,
10(4)6,
11(1)3,
11(1)4,
11(2)2,
11(3)12,
11(3)13,
11(4)17,
11(4)20,
11(4)23,
12(1)2,
12(1)3,
12(2)8,
12(2)9,
12(3)14,
12(3)15,
12(3)16,
13(3)22,
13(3)24,
13(4)31,
13(4)34,
13(4)38,
13(4)41,
14(1)4,
14(1)7,
14(1)8,
14(3)25,
14(4)28,
15(2)6,
15(2)10,
15(4)17,
15(4)18,
16(1)3,
16(2)5,
16(3)9,
16(3)11,
16(4)17,
17(2)5,
17(3)11,
17(3)12,
17(4)16,
18(1)1,
18(1)2,
18(2)5,
18(2)7,
18(4)13,
18(4)14
- public,
1(1)66,
2(2)138,
2(3)230,
4(4)453,
7(1)21,
10(3)10,
11(2)4,
11(3)16,
12(1)3,
12(3)16,
12(3)18,
16(4)15,
17(2)5,
17(3)10
- rate,
1(1)3,
10(4)1,
11(3)15,
11(4)20,
13(4)35,
14(1)5,
15(2)7,
15(4)16,
16(2)8,
18(4)14
- resource,
2(3)332,
9(4)391,
10(4)4,
11(1)2,
11(1)3,
11(1)4,
11(2)2,
11(3)14,
11(4)19,
11(4)20,
12(1)1,
12(1)6,
13(3)20,
14(1)7,
14(1)10,
15(4)18,
17(1)2,
17(3)9,
18(2)6
- search,
12(3)16,
13(4)35,
17(4)13
- secure,
1(1)93,
2(2)159,
2(2)177,
2(3)332,
2(4)390,
4(1)72,
4(2)103,
4(2)134,
4(4)321,
5(3)290,
6(4)472,
7(4)523,
9(1)1,
9(1)31,
9(1)94,
9(2)162,
9(4)461,
10(2)8,
10(3)10,
10(3)11,
10(4)3,
10(4)6,
11(2)4,
11(2)5,
11(3)13,
11(3)14,
11(4)18,
11(4)22,
11(4)23,
12(1)2,
12(1)3,
12(1)6,
12(3)16,
12(3)18,
12(4)21,
13(1)9,
13(3)21,
13(3)28,
13(4)29,
14(3)23,
14(3)27,
14(4)31,
15(2)6,
15(2)9,
16(3)11,
16(4)15,
17(2)5,
17(2)6,
17(4)13,
18(2)5,
18(4)13
- shared,
10(3)10,
11(1)2,
11(1)3,
11(1)4,
12(2)8,
14(1)11
- Shields, Clay,
7(3)333,
7(4)489,
11(2)3
- simple,
2(3)230,
5(3)203,
9(2)181,
10(1)4,
10(3)11,
12(2)9,
12(2)13,
12(3)18,
12(4)21,
13(3)26,
13(4)33,
14(3)27,
15(2)9,
15(4)17,
17(1)2,
18(1)1
- step,
10(1)2,
10(1)4,
12(3)18,
12(3)19,
13(1)10,
13(4)40,
14(3)26,
14(3)27,
15(4)18,
16(1)4,
16(3)10
- subtle,
16(4)13,
17(1)4
- take,
2(4)416,
10(4)1,
12(3)17,
12(3)19,
13(3)20,
16(2)5,
16(3)9,
16(3)10,
16(4)15,
17(3)10,
18(1)4,
18(2)5,
18(4)12
- than,
2(1)3,
2(1)65,
2(3)332,
9(4)391,
9(4)461,
10(1)4,
11(2)3,
11(2)6,
11(3)14,
12(1)1,
12(2)10,
12(3)16,
13(1)10,
13(3)21,
13(4)29,
13(4)31,
13(4)35,
14(3)27,
14(4)31,
15(1)5,
15(2)9,
15(2)10,
15(4)15,
15(4)16,
16(2)8,
16(4)17,
17(1)2,
17(3)9,
17(3)10,
17(3)12,
17(4)14,
17(4)16,
18(4)13
- then,
1(1)3,
2(1)3,
2(1)65,
2(2)138,
9(4)461,
10(1)2,
10(1)4,
11(2)4,
11(4)18,
12(2)8,
12(2)13,
12(3)18,
13(1)10,
13(3)22,
13(3)25,
13(4)32,
14(4)30,
14(4)31,
14(4)32,
15(1)4,
15(2)6,
15(3)13,
15(4)18,
16(2)5,
16(2)8,
17(3)9,
17(4)15,
18(1)3,
18(1)4,
18(4)12
- time,
2(1)105,
2(3)332,
2(4)390,
2(4)416,
9(4)461,
10(1)3,
10(2)8,
11(2)3,
11(2)4,
11(2)5,
11(3)13,
11(4)17,
11(4)20,
11(4)21,
11(4)23,
12(2)8,
12(3)17,
12(3)18,
12(3)19,
12(4)20,
12(4)21,
13(4)37,
13(4)39,
14(1)2,
14(1)11,
14(1)14,
14(3)26,
14(4)31,
15(2)7,
15(3)12,
15(4)17,
16(1)4,
16(4)13,
16(4)14,
16(4)17,
17(3)9,
17(3)10,
17(3)11,
17(4)13,
18(1)2,
18(1)4,
18(3)10
- timing,
2(4)416,
12(2)13,
12(3)17,
16(1)3,
17(2)8
- traffic,
2(3)269,
10(2)8,
11(2)2,
11(2)3,
11(3)14,
12(2)13,
15(2)6,
15(4)16,
17(1)4
- want,
10(1)4,
11(4)19,
11(4)23,
12(1)6,
18(4)13
- when,
2(3)295,
10(2)7,
10(3)12,
10(4)4,
10(4)6,
11(2)3,
11(2)6,
11(3)15,
11(3)16,
11(4)17,
11(4)18,
12(2)10,
12(2)11,
12(4)20,
13(1)10,
13(3)27,
13(4)32,
13(4)34,
13(4)35,
13(4)37,
15(2)6,
15(2)9,
15(2)10,
15(3)14,
16(1)3,
16(2)8,
17(3)9,
17(4)13,
18(3)9,
18(4)12
- would,
2(2)159,
10(4)1,
12(2)13,
13(3)26,
15(2)6,
15(2)10,
16(2)8,
17(3)11,
18(3)9