An Xgboost-based Method for Detecting Covert Timing Channel of Skype

doi:10.19678/j.issn.1000-3428.0057925

Abstract

Abstract: The covert timing channel exploits the packet delay to transmit secret information.Due to the complexity of the temporal features of network,the false alarm rate of the covert channels is high,masking the detection of the true targets.An Xgboost-based method for detecting covert timing channel of Skype is proposed.On the basis of the existing methods,which extract the Markov transition features,information entropy,mean and variance of the delay between packets,DCT coefficient,and ε-similarity of the Skype time series,the proposed method adds another three features,including the peak state,skewness and difference of standard deviation,so as to accurately understand the distribution of delay between packets and to screen the targets.At the same time,the method of five-fold cross verification is combined with the non-repeating sampling technology,so that every sample point is classified into training set or test set for only once in each iteration.Finally,the Xgboost algorithm is used for judgment and detection.Experimental results show that compared with the BP neural network method,the proposed method has higher detection rate and lower false alarm rate.

Key words: covert network channel, covert timing channel, five-fold cross validation, neural network, Xgboost algorithm

摘要： 时间式隐信道利用数据包的包间时延来传递秘密信息，受网络时间特性复杂性的影响，网络隐信道的检测率低且虚警率较高。提出一种利用Xgboost模型的Skype时间式隐信道检测方法。在传统提取Skype时间序列的Markov转移特性、信息熵、包间时延的均值与方差、DCT系数、ε-相似度等特征的基础上，增加峰态、偏态和标准偏差的差值3种特征，以准确了解包间时延分布并进行筛选排查，同时采用五折交叉验证法结合无重复抽样技术，使每次迭代时每个样本点只有一次被划入训练集或测试集，最终通过Xgboost算法进行判决和检测。实验结果表明，与BP神经网络方法相比，该方法检测率更高且虚警率更低。

关键词: 网络隐信道, 时间式隐信道, 五折交叉验证, 神经网络, Xgboost算法

CLC Number:

TP393

CHANG Tingting, ZHAI Jiangtao, DAI Yuewei. An Xgboost-based Method for Detecting Covert Timing Channel of Skype[J]. Computer Engineering, 2021, 47(7): 88-94.

常婷婷, 翟江涛, 戴跃伟. 一种基于Xgboost的Skype时间式隐信道检测方法[J]. 计算机工程, 2021, 47(7): 88-94.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0057925

http://www.ecice06.com/EN/Y2021/V47/I7/88

Figures/Tables 10

References

[1] CHEDDAD A,CONDELL J,CURRAN K,et al.Digital image steganography:survey and analysis of current methods[J].Signal Processing,2010,90(3):727-752.
[2] COX I,MILLER M,BLOOM J,et al.Digital watermarking and steganography[EB/OL].[2020-01-05].https://booksite.elsevier.com/samplechapters/9780123725851/Sample_Chapters/01~Front_Matter.pdf.
[3] 董丽鹏,陈性元,杨英杰,等.网络隐蔽信道实现机制及检测技术研究[J].计算机科学,2015,42(7):216-221,244. DONG L P,CHEN X Y,YANG Y J,et al.Research on the implementation mechanism and detection technology of network hidden channel[J].Computer Science,2015,42(7):216-221,244.(in Chinese)
[4] MAZURCZYK W,KARAS M,SZCZYPIORSKI K.SkyDe:a Skype-based steganographic method[J].International Journal of Computers,Communications and Control,2013,8(3):432-443.
[5] YU J M,ZHU C Y,TANG S H,et al.Deepflow:hiding anonymous communication traffic in P2P streaming networks[J].Wuhan University Journal of Natural Sciences,2014,19(5):417-425.
[6] FRCZEK W,SZCZYPIORSKI K.Perfect undetectability of network steganography[J].Security & Communication Networks,2016,9(15):2998-3010.
[7] DRZYMATA M,SZCZYPIORSKI K,URBAŃSKI M L.Network steganography in the DNS protocol[J].International Journal of Electronics &Telecommunications,2016,62(4):343-346.
[8] 何磊,郭晓军,张春玉.一种基于时间隐蔽信道的WSN认证算法[J].实验技术与管理,2014,52(9):59-61,86. HE L,GUO X J,ZHANG C Y.An authentication algorithm based on timing covert channel in WSN[J].Experimental Technology and Management,2014,52(9):59-61,86.(in Chinese)
[9] REZAEI F,HEMPEL M,RAKSHIT S M.Automated covert channel modeling over a real network platform[C]//Proceedings of International Wireless Communications & Mobile Computing Conference.Washington D.C.,USA:IEEE Press,2014:559-564.
[10] HOVHANNISYAN H,LU K J,WANG J P.A novel high-speed IP-timing covert channel:design and evaluation[C]//Proceedings of IEEE International Conference on Communications.Washington D.C.,USA:IEEE Press,2015:7198-7203.
[11] XIA Z H,WANG X H,SUN X M,et al.Steganalysis of least significant bit matching using multi-order differences[J].Security & Communication Networks,2014,7(8):1283-1291.
[12] LU X R,HUANG L S,YANG W.Concealed in the Internet:a novel covert channel with normal traffic imitating[C]//Proceedings of 2016 IEEE Conferences on Ubiquitous Intelligence & Computing.Washington D.C.,USA:IEEE Press,2017:125-136.
[13] ARCHIBALD R,GHOSAL D.Design and analysis of a model-based covert timing channel for skype traffic[C]//Proceedings of IEEE Conference on Communications and Network Security.Washington D.C.,USA:IEEE Press,2015:236-244.
[14] 李萌,翟江涛,戴跃伟.一种针对Skype时间特性拟合的网络隐写检测方法[J].计算机应用研究,2018,35(6):1803-1807. LI M,ZHAI J T,DAI Y W.A network steganographic detection method for Skype time feature fitting[J].Application Research of Computers,2018,35(6):1803-1807.(in Chinese)
[15] CABUK S,BRODLEY C E,SHIELDS C.IP covert timing channels:design and detection[C]//Proceedings of ACM Conference on Computer & Communications Security.New York,USA:ACM Press,2004:122-136.
[16] 崔艳鹏,史科杏,胡建伟.基于Xgboost算法的Web shell检测方法研究[J].计算机科学,2018,45(z1):375-379. CUI Y P,SHI K X,HU J W.Research on Web shell detection method based on Xgboost algorithm[J].Computer Science,2018,45(z1):375-379.(in Chinese)
[17] CHEN T,HE T,BENESTY M.Xgboost:extreme gradient boosting[EB/OL].[2020-01-05].http://mysql.orst.edu/pub/cran/web/packages/Xgboost/vignettes/Xgboost.pdf.
[18] CHEN T,GUESTRIN C.Xgboost:a scalable tree boosting system[C]//Proceedings of ACM SIGKDD International Conference on Knowledge Discovery and Data Mining.New York,USA:ACM Press,2016:785-794.
[19] ZIEBA M,TOMCZAK S K,TOMCZAK J M.Ensemble boosted trees with synthetic features generation in application to bankruptcy prediction[J].Expert Systems with Applications,2016,58:93-101.
[20] 王重仁,韩冬梅.基于社交网络分析和Xgboost算法的互联网客户流失预测研究[J].微型机与应用,2017,36(23):62-65. WANG C R,HAN D M.Prediction of Internet customer loss based on social network analysis and Xgboost algorithm[J].Microcomputer and Application,2017,36(23):62-65.(in Chinese)
[21] 赵天傲,郑山红,李万龙,等.基于Xgboost的信用风险分析的研究[J].软件工程,2018,21(6):29-32. ZHAO T N,ZHENG S H,LI W L.Research on credit risk analysis based on Xgboost[J].Software Engineering,2018,21(6):29-32.(in Chinese)
[22] 刘金硕,刘必为,张密,等.基于GBDT的电力计量设备故障预测[J].计算机科学,2019,46(6):392-396. LIU J S,LIU B W,ZHANG M,et al.Fault prediction of power metering equipment based on GBDT[J].Computer Science,2019,46(6):392-396.(in Chinese)

Please choose a citation manager

Content to export