Model-Based Covert Timing Channels: Automated Modeling and Evasion

The exploration of advanced covert timing channel design is important to understand and defend against covert timing channels. In this paper, the authors introduce a new class of covert timing channels, called model-based covert timing channels, which exploit the statistical properties of legitimate network traffic to evade detection in an effective manner. They design and implement an automated framework for building model-based covert timing channels. The framework consists of four main components: filter, analyzer, encoder, and transmitter. The filter characterizes the features of legitimate network traffic, and the analyzer fits the observed traffic behavior to a model. Then, the encoder and transmitter use the model to generate covert traffic and blend with legitimate network traffic.