Improving backdoor remote communication detection with covert channel feature analysis

This research introduces a novel framework, which supports the detection of covert timing channels by detailing generic covert timing channel features. The framework is developed using the design science research methodology and has been validated by generating and detecting a simple covert timing...

Bibliographic Details
Main Author: Lehkonen, Riku Petteri
Other Authors: Faculty of Information Technology, Informaatioteknologian tiedekunta, University of Jyväskylä, Jyväskylän yliopisto
Format: Master's thesis
Language: eng
Published: 2024
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/95718
Description: This research introduces a novel framework, which supports the detection of covert timing channels by detailing generic covert timing channel features. The framework is developed using the design science research methodology and has been validated by generating and detecting a simple covert timing channel. Furthermore, the study reviews the existing landscape of covert channels and determines that the majority of research on covert channel detection is very protocol and environment dependent, thus there is a lack of flexibility for them to function as a generic detection technique. The absence of effective generic detection techniques makes it challenging to implement covert timing channel detection in practice, such as for backdoor detection. The research also highlights the insufficiency in current covert channel detection research, since it is not approached holistically through all the system elements. The resulting framework offers features for generic covert timing channel detection developers, which may be used for classifiers. Enhancing the development of detectors for defense evasion techniques supports improving backdoor remote communication detection. The research was supported by Business Finland (grant number 10/31/2022) and the University of Jyväskylä.
Advisor: Frantti, Tapio
Discipline: Specialisation in Software Development
Extent: 80
Rights: CC BY 4.0 (https://creativecommons.org/licenses/by/4.0/), © The Author(s), open access
URN: URN:NBN:fi:jyu-202406104489 (http://www.urn.fi/URN:NBN:fi:jyu-202406104489)
Full text (PDF): https://jyx.jyu.fi/bitstreams/cad2c4c1-2381-4475-891e-efa657742b06/download