Towards Distributed Network Covert Channels Detection Using Data Mining-based Approach

Krzysztof Cabaj, Wojciech Mazurczyk, Piotr Nowakowski, Piotr Żórawski


Currently, due to improvements in defensive systems, network covert channels are increasingly drawing the attention of cybercriminals and malware developers, as they can make malicious communication stealthy and thus bypass existing security solutions. At the same time, the data hiding methods in use are becoming increasingly sophisticated: to stay under the radar, attackers distribute the covert data among many connections, protocols, etc. That is why the detection of such threats is becoming a pressing issue. In this paper we make an initial step in this direction by presenting a data mining-based detection of such advanced threats, which relies on a pattern discovery technique. The initial experimental results indicate that such a solution has potential and should be further investigated.
Authors:
- Krzysztof Cabaj (FEIT / IN), The Institute of Computer Science
- Wojciech Mazurczyk (FEIT / IT), The Institute of Telecommunications
- Piotr Nowakowski
- Piotr Żórawski (FEIT / IT), The Institute of Telecommunications
Publication size in sheets: 0.5
Book: Doerr Christian, Schrittwieser Sebastian, Weippl Edgar (eds.): ARES 2018 Proceedings of the 13th International Conference on Availability, Reliability and Security, 2018, ACM, ISBN 978-1-4503-6448-5, 603 p.
Project: Covert Communication Detection (CoCoDe). Project leader: Cabaj Krzysztof, Phone: +48 22 234 7711, start date 01-09-2017, planned end date 31-08-2020, II/2017/CoCoDe/1, Implemented
Language: en (English)
Score (nominal): 15
Score: Ministerial score = 15.0, 20-12-2018, BookChapterMatConf
Ministerial score (2013-2016) = 15.0, 20-12-2018, BookChapterMatConf