Real-Time Timing Channel Detection in a Software-Defined Networking Virtual Environment
ABSTRACT
Despite extensive research, timing channels
(TCs) are still known as a principal category of threats that aim to leak and
transmit information by perturbing the timing or ordering of events. Existing
TC detection approaches use either signature-based approaches to detect known
TCs or anomaly-based approaches that model legitimate network traffic in
order to detect unknown TCs. Unfortunately, in a software-defined networking
(SDN) environment, most existing TC detection approaches would fail due to factors
such as volatile network traffic, imprecise timekeeping mechanisms, and
dynamic network topology. Furthermore, stealthy TCs can be designed to mimic
the legitimate traffic pattern and thus evade anomalous TC detection. In this
paper, we overcome the above challenges by presenting a novel framework that
harnesses the advantages of elastic resources in the cloud. In particular, our
framework dynamically configures SDN to enable/disable differential analysis
against outbound network flows of different virtual machines (VMs). Our
framework is tightly coupled with a new metric that first decomposes the timing
data of network flows into a number of using the discrete wavelet-based
multi-resolution transform (DWMT). It then applies the Kullback-Leibler divergence
(KLD) to measure the variance among flow pairs. The appealing feature of our
approach is that, compared with the existing anomaly detection approaches, it
can detect most existing and some new stealthy TCs without legitimate traffic
for modeling, even in the presence of noise and imprecise timekeeping
mechanisms in an SDN virtual environment. We implement our framework as a
prototype system, OBSERVER, which can be dynamically deployed in an SDN
environment. Empirical evaluation shows that our approach can efficiently
detect TCs with a higher detection rate, lower latency, and negligible
performance overhead compared to existing approaches.
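The pairwise metric described in the abstract can be sketched as follows. This is an added example, not code from the paper or from OBSERVER. It assumes a Haar wavelet, 32-bin add-one-smoothed histograms and a sum of per-level KLD values; the function names and the inter-packet delays are constructed for illustration.

```python
import math
import random

def haar_details(series, levels):
    """Detail coefficients per resolution level (Haar DWT, an assumed wavelet)."""
    approx, details = list(series), []
    for _ in range(levels):
        pairs = [(approx[i], approx[i + 1]) for i in range(0, len(approx) - 1, 2)]
        if not pairs:
            break
        details.append([(a - b) / math.sqrt(2) for a, b in pairs])
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
    return details

def histogram(values, lo, hi, bins):
    """Add-one smoothed probability histogram over [lo, hi]."""
    counts = [1.0] * bins
    width = (hi - lo) / bins or 1.0
    for v in values:
        counts[min(int((v - lo) / width), bins - 1)] += 1
    total = sum(counts)
    return [c / total for c in counts]

def kld(p, q):
    """Kullback-Leibler divergence D(p || q) of two smoothed histograms."""
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q))

def flow_divergence(delays_a, delays_b, levels=3, bins=32):
    """Sum over levels of KLD between the two flows' detail-coefficient histograms."""
    score = 0.0
    for da, db in zip(haar_details(delays_a, levels), haar_details(delays_b, levels)):
        lo, hi = min(da + db), max(da + db)
        score += kld(histogram(da, lo, hi, bins), histogram(db, lo, hi, bins))
    return score

def constructed_flows(n=4096, seed=7):
    """Constructed inter-packet delays in ms, not measurements from the paper."""
    rng = random.Random(seed)
    vm_a = [rng.expovariate(1 / 10) for _ in range(n)]
    vm_b = [rng.expovariate(1 / 10) for _ in range(n)]
    # Same 10 ms mean as the others, but every delay is one of two fixed values.
    vm_c = [5.0 if rng.random() < 0.5 else 15.0 for _ in range(n)]
    return vm_a, vm_b, vm_c

if __name__ == "__main__":
    a, b, c = constructed_flows()
    print("VM A vs VM B:", round(flow_divergence(a, b), 3))
    print("VM A vs VM C:", round(flow_divergence(a, c), 3))
```

Because the score compares flows against each other, no model of legitimate traffic is trained; the flow whose divergence from its peers stands out is the one to inspect.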
Cite as:
Liu, A., Chen, J. and Wechsler, H. (2015) Real-Time Timing Channel Detection in a Software-Defined Networking Virtual Environment. Intelligent Information Management, 7, 283-302. doi: 10.4236/iim.2015.76023.