This repository contains instructions on the usage of the tool and includes sample inter-arrival time (IATs) files (CSV format) for the following submission:
- Sebastian Zillien, Steffen Wendzel: Weaknesses of popular and recent covert channel detection methods and a remedy, in: IEEE Trans. Dependable and Secure Computing (TDSC), 2023.
Each script contains the relevant functions and a simple usage example.
Example run:
python epssim.py
This script expects a list of ascending packet times like Wireshark would record them, and calculates the compressibility scores for a window size of 2,000 packets.
This script expects a list of ascending packet times like Wireshark would record them, and calculates the epsilon-similarity scores for a window size of 2,000 packets for 6 different epsilon-thresholds.
This script expects a list of IATs and calculates the modified IATs for ε-κalibur.
This script expects a list of IATs and calculates the modified IATs for ε-κalibur-O.
iat.csvcontains a list of IATs as they would be produced by the original IAT covert channel.timings.csvcontains a list of ascending packet times of legitimate traffic, recorded with Wireshark.
For generating network traffic, one can use CCEAP together with its iat_encode tool. Afterwards, wireshark can be applied to record the traffic and extract the IAT values.
This script expects a pcap recording with a unidirectional flow (A->B or B->A, not mixed) and calculates the inter arrival times.
pcap2iat.sh recording.pcap