Covert Communication Detection (CoCoDe)
Abstract
The proposed project is organized into two main parts. In the first part, the relationship between a network protocol's features and behaviors and the resulting steganographic information capacity of that protocol will be established, and the appropriate methodology will be derived. For this purpose, a modified information hiding patterns approach will be used. The resulting methodology will be applicable to assessing existing and new network protocols from the perspective of their information hiding capabilities. Using this knowledge, in the second part of the project we will analyze how effective the data mining-based detection approach can be. In more detail, we will investigate the relationship between the various preprocessing approaches, several data mining techniques and the detection rate of network covert data transfer. Furthermore, experimentally observed rates will be compared with the theoretical limits of the selected information hiding mechanisms. To this aim, we will investigate existing preprocessing techniques that are able to “produce” appropriate data from the network traffic for detection purposes using data mining patterns. Using this information, various data mining patterns, for example frequent sets, frequent episodes, or frequent sequences, can be detected. Due to the complexity and sophistication of the steganographic methods’ implementations, as well as their different tuning possibilities, the proposed research will take an experimental approach. A prototype proof-of-concept detection system will be developed and implemented. Then experiments with detection of various classes of network steganographic techniques will be performed. As a result, we will assess which data mining pattern detection methods are the most promising for covert communication discovery. Moreover, the limits of each method associated with the detection rate for a given steganographic bandwidth will be investigated.
Document Details
- Document Type: DoD Grant Award
- Publication Date: Jul 28, 2017
- Source ID: FA95501710254
Entities
People
- Krzysztof Cabaj
Organizations
- Air Force Office of Scientific Research
- United States Air Force
- Warsaw University of Technology