• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Detection and Parameter Estimation for Jitterbug Covert Channel Based on Coefficient of Variation

Vol. 10, No. 4, April 29, 2016
10.3837/tiis.2016.04.026, Download Paper (Free):

Abstract

Jitterbug is a passive network covert timing channel supplying reliable stealthy transmission. It is also the basic manner of some improved covert timing channels designed for higher undetectability. The existing entropy-based detection scheme based on training sample binning may suffer from model mismatching, which results in detection performance deterioration. In this paper, a new detection method based on the feature of Jitterbug covert channel traffic is proposed. A fixed binning strategy without training samples is used to obtain bins distribution feature. Coefficient of variation (CV) is calculated for several sets of selected bins and the weighted mean is used to calculate the final CV value to distinguish Jitterbug from normal traffic. Furthermore, the timing window parameter of Jitterbug is estimated based on the detected traffic. Experimental results show that the proposed detection method can achieve high detection performance even with interference of network jitter, and the parameter estimation method can provide accurate values after accumulating plenty of detected samples.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
H. Wang, G. Liu, J. Zhai and Y. Dai, "Detection and Parameter Estimation for Jitterbug Covert Channel Based on Coefficient of Variation," KSII Transactions on Internet and Information Systems, vol. 10, no. 4, pp. 1927-1943, 2016. DOI: 10.3837/tiis.2016.04.026.

[ACM Style]
Hao Wang, Guangjie Liu, Jiangtao Zhai, and Yuewei Dai. 2016. Detection and Parameter Estimation for Jitterbug Covert Channel Based on Coefficient of Variation. KSII Transactions on Internet and Information Systems, 10, 4, (2016), 1927-1943. DOI: 10.3837/tiis.2016.04.026.