ConTra: A Covert Timing Channel Detection Approach for Little Covert Information in a Network

Abstract

A covert timing channel is a technical means that enables information hiding and covert communication. Due to the fact that covert timing channels can elude detection by security defence measures, they offer a substantial security risk to the information of Internet users when they are exploited for illicit reasons. The attacker sends at a low rate to ensure the stealthiness of the covert timing channel communication process, making the number of inter-arrival time encoded as covert information much less than the normal number of inter-arrival time, resulting in the low detection accuracy of existing detection methods. In this paper, we propose a covert timing channel detection method based on one-dimensional convolution and self-attention mechanism. The method begins with local feature extraction of the input inter-arrival time sequence by a one-dimensional convolutional layer, then characterizes the correlation between each inter-arrival time by a self-attention mechanism in the encoder, and finally through the full connection layer to produce the type output. In this study, experimental results on a public dataset and 16 self-built datasets demonstrate that the detection method delivers optimal detection results and efficient detection of covert information in low-volume communications.