International Journal of Open Information Technologies

The purpose of this paper is to describe the developed method of detecting network covert timing channels, based on machine learning algorithms. Detection of network covert channels is an actual problem, since the latter can be used to leak confidential information. One of the approaches to its solution is the use of machine learning algorithms. In order to apply machine learning algorithms in solving the detection problem, the network traffic under study must be pre-processed. The article describes the developed detection method, where it is proposed to use distributed big data processing methods implemented in Apache Spark to process network traffic. As a machine learning algorithm in the detection method, it is proposed to use gradient boosting over decision trees. The paper describes the architecture of the system in which it is proposed to implement the process of detecting covert channels. The dependences of network traffic processing time on various system parameters are investigated. It is proposed to use new features to detect covert channels. According to the research results, it has been revealed that the proposed method makes it possible to effectively detect network covert channels, and its feature is the speed of detection - through the use of distributed data processing technologies, and increasing accuracy - by adding new features.

Lampson, B. W. A Note on the Confinement Problem /Communications of the ACM. — 1973. — pp. 613-615.

Gianvecchio, S., Wang , H. An Entropy-based approach to detecting covert timing channel // IEEE Transactions on Dependable and Secure Computing.— 2011.— pp.785- 797.

F. Iglesias, R. Annessi,T. Zseby DAT detectors: uncovering TCP/IP covert channels by descriptive analytics //Security and Communication Networks. — 2016. — Vol. 9. — No. 15. — p. 3011-3029.

Shrestha, P. A Support Vector Machine-based framework for detection of covert timing channels//IEEE Transactions on Dependable and Secure Computing.—2016.— pp. 274-283.

F. Iglesias, R. Annessi,T. Zseby Are network covert timing channels statistical anomalies? // Proceedings of the 12th International Conference on Availability, Reliability and Security. — 2017. —No. 81.

Iglesias, R. Annessi,T. Zseby Analytic study of features for the detection of covert timing channels in network traffic //Journal of Cyber Security and Mobility. —2020. —Т. 6. — No. 3. — pp. 225-270.

Chourib, M. Detecting Selected Network Covert Channels Using Machine Learning /International Conference on High Performance Computing & Simulation (HPCS) —2019. — pp. 582– 588.

S. Al-Eidi, O. Darwish, Y. Chen Covert Timing Channel Analysis Either as Cyber Attacks or Confidential Applications/ Sensors (Basel). — 2020. — 20(8).

Yuvaraj, G. Covert Channels Detection with Supported Vector Machine and Hyperbolic Hopfield Neural Network 2019 / S. R. Lingham, J. Rajkamal https://www.sciencepubco.com/index.php/IJET (Reviewed — 11.03.2022).

Han J., Huang C., Shi F. Covert timing channel detection method based on time interval and payload length analysis/ Computers & Security —2020. — 97.

Al-Eidi S., Darwish O., Chen Y. SnapCatch: Automatic Detection of Covert Timing Channels Using Image Processing and Machine Learning/ IEEE Access —2021. — pp. 177-191. (doi: 10.1109/ACCESS.2020.3046234).

Elsadig M. A., Gafar A. Covert Channel Detection: Machine Learning Approaches / IEEE Access — 2022 (doi:10.1109/ACCESS.2022.3164392.)

Apache Hadoop https://hadoop.apache.org/ (Reviewed — 11.04.2022).

Jules S. Damji, Brooke Wenig, Tathagata Das & Denny Lee Learning Spark: Lightning-Fast Big Data Analytics/ O'Reilly Media — 2020 — 399 p.

M.J., Sakr S., Zomaya A. Apache Kafka. Encyclopedia of Big Data Technologies / — Cham — 2018.

NetFlow Traffic Analyzer - NetFlow analyzer and bandwidth monitoring software https://www.solarwinds.com/netflow-traffic-analyzer (Reviewed — 19.05.2022).

XGBoost4J-Spark Tutorial [https://xgboost.readthedocs.io/en/stable/jvm/xgboost4j_spark_tutorial.html (Reviewed — 15.05.2022).