Engineering Statistical Behaviors for Attacking and Defending Covert Channels

Authors: Valentino Crespi, George Cybenko, Annarita Giani

DOI: 10.1109/JSTSP.2012.2237378

Keywords:

Abstract: This paper develops techniques for attacking and defending behavioral anomaly detection methods commonly used in network traffic analysis and covert channels. The main new result is our demonstration of how to use a behavior's or process' k-order statistics to build a stochastic process that has the same k-order stationary statistics but possesses different, deliberately designed, (k+1)-order statistics if desired. Such a model realizes a “complexification” of the behavior, which a defender can use to monitor whether an attacker is shaping the behavior. We also describe a source coding technique that respects the k-order statistics, including entropy as a first order statistic for example, while encoding information covertly, and we show how to achieve optimizing rates. Although the results and examples are stated in terms of covert channels, they are more generally applicable to such analysis. One fundamental consequence of these results is that certain types of such detection come down to an arms race, in the sense that the advantage goes to the party with more computing resources applied to the problem.

References (38)
Valentino Crespi, George Cybenko, Annarita Giani. Attacking and Defending Covert Channels and Behavioral Models. arXiv: Learning (2011).
Colin de la Higuera, Jose Oncina. Learning stochastic finite automata. International Colloquium on Grammatical Inference, pp. 175-186 (2004). DOI: 10.1007/978-3-540-30195-0_16
David Kahn. The History of Steganography. Information Hiding, pp. 1-5 (1996). DOI: 10.1007/3-540-61996-8_27
Ke Wang, Janak J. Parekh, Salvatore J. Stolfo. Anagram: A Content Anomaly Detector Resistant to Mimicry Attack. Lecture Notes in Computer Science, pp. 226-248 (2006). DOI: 10.1007/11856214_12
Alexander Grusho, Nikolai Grusho, Elena Timonina. Problems of Modeling in the Analysis of Covert Channels. Lecture Notes in Computer Science, pp. 118-124 (2010). DOI: 10.1007/978-3-642-14706-7_9
Niels Provos. Defending against statistical steganalysis. USENIX Security Symposium, vol. 10, pp. 24-24 (2001).
Manfred K. Warmuth, Naoki Abe. On the computational complexity of approximating distributions by probabilistic automata. Conference on Learning Theory, vol. 9, pp. 205-260 (1990). DOI: 10.5555/92571.92587
Lorenzo Finesso, Peter Spreij. Nonnegative matrix factorization and I-divergence alternating minimization. Linear Algebra and its Applications, vol. 416, pp. 270-287 (2006). DOI: 10.1016/J.LAA.2005.11.012
George Cybenko, Valentino Crespi. Learning Hidden Markov Models Using Nonnegative Matrix Factorization. IEEE Transactions on Information Theory, vol. 57, pp. 3963-3970 (2011). DOI: 10.1109/TIT.2011.2132490
Annarita Giani, Vincent H. Berk, George V. Cybenko. Data exfiltration and covert channels. Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense V, vol. 6201, pp. 620103- (2006). DOI: 10.1117/12.670123