Real-time GPU-based timing channel detection using entropy

Authors: Ross K. Gegan, Vishal Ahuja, John D. Owens, Dipak Ghosal

DOI: 10.1109/CNS.2016.7860497

Keywords: Network packet, Covert channel, Communication channel, Packet processing, Telecommunications network, Computer science, Real-time computing, Network security, Conditional entropy, Entropy (information theory)

Abstract: As line rates continue to grow, network security applications such as covert timing channel (CTC) detection must utilize new techniques for processing flows in order to protect critical enterprise networks. GPU-based packet processing provides one means of scaling the detection of CTCs and other anomalies in flows. In this paper, we implement a tool capable of detecting model-based covert timing channels (MBCTCs). The GPU's ability to process a large number of packets in parallel enables more complex tests, such as the corrected conditional entropy (CCE) test—a modified version of the conditional entropy measurement, which has a variety of applications outside of detection. In our experiments, we evaluate the CCE test's true and false positive rates, as well as the time required to perform the test on the GPU. Our results demonstrate that the GPU can be applied successfully to real-time CTC detection at near 10 Gbps with high accuracy.
