A deep learning approach for detecting covert timing channel attacks using sequential data

The advanced development of communication technologies has made covert communications quite challenging to be recognized. By altering an entity's timing behavior during overt network communication, a covert timing channel (CTC) provides a way to leak sensitive data. This is becoming a serious threat due to the ability to transmit hidden messages without being detected by traditional security systems such as proxies and firewalls. In this paper, we explore the automatic classification and identification of covert timing channels using deep neural networks, namely, Long Short-Term Memory (LSTM), 1D-Convolutional Neural networks (1D-CNN), and a hybrid of LSTM and 1D-CNN. These classifiers have been trained and tested using sequence real inter-arrival times datasets labeled with covert or legitimate. The stream length differs for each dataset; (32, 64, 128, 256, and 512 bytes). Traditional machine-learning models have also been developed for comparisons and evaluation. The evaluation results showed that the hybrid of LSTM and CNN model outperforms other models either developed by deep neural networks or traditional machine learning with an accuracy of %97.5.