hihasasihi

Robust Covert Timing Channels

Covert timing channels aim at transmitting hidden messages by controlling the time between transmissions of consecutive payload packets in overt network communication. Previous results used encoding mechanisms that are either easy to detect with statistical analysis, thus spoiling the purpose of a covert channel, and/or are highly sensitive to channel noise, rendering them useless in practice.

In our work, we introduce a novel covert timing channel which allows to balance undetectability and robustness: i) the encoded message is modulated in the inter-packet delay of the underlying overt communication channel such that the statistical properties of regular traffic can be closely approximated and ii) the underlying encoding employs spreading techniques to provide robustness.We experimentally validate the effectiveness of our approach by establishing covert channels over online gaming traffic. The experimental results show that our covert timing channel can achieve strong robustness and undetectability, by varying the data transmission rate.

hihasasihi

Covert communication is clandestine communication which hides the fact that communication is indeed occurring. For example,steganography is a form of covert channel to hide the presence of communication through the embedding of a secret message in an innocuous carrier medium, such as digital audio, image, and video. With the rapid development of multimedia techniques and broadband networks, there has been an explosion in the communication of mulitmedia between people. The high volume of hidden capacity and inherent redundancy make multimedia files optimal candidates for use as a "cover" to hide secret messages.

Our research is focused on the detection of the presence of hidden content, rather than message recovery in audio files.  Our audio steganalysis scheme quantifies audio quality using wavelets, Hausdorff distances, and high order statistics. We propose quality metrics that are designed specifically to detect modifications and additions to pure audio content instead of gathering information directly from audio files, signatures of the audio files are generated based on their wavelet coefficients at different levels of resolution.

dssd

Video redistribution detection

Network and service providers are rapidly deploying IPTV networks to deliver a wide variety of video content to subscribers. Some video content may be protected by copyright and/or may be subject to distribution restrictions. Encryption technologies may not always be effective to manage protected video content, particularly when video content is legally decrypted upon receipt by a subscriber. Our work presents a new approach to detect if specific (or protected) downloaded video is being redistributed by a subscriber using the broadband internet connection. The approach employs a traffic-based signature of the protected video clip. The signature which is shown to be unique is stored in a signature store. We adopt a wavelet-based analysis to match video streams captured from the network to
the signatures in the store. The performance of the detection algorithm is evaluated using a large video database populated with a variety of movies and TV shows. The experiment results show that our algorithm achieves significantly higher detection
rates and lower false alarm rates using video clips of only a few seconds.

Sensitive Information Dissemination Detection (SIDD) system

Detecting and mitigating insider threat is a critical element in the overall information protection strategy. By successfully implementing tactics to detect this threat, organizations mitigate the loss of sensitive information and also potentially protect against future attacks. Within the broader scope of mitigating insider threat, we focus on detecting exfiltration of sensitive data through a protected network. We propose a multilevel framework called SIDD (Sensitive Information Dissemination Detection) system which is a high-speed transparent network bridge located at the edge of the protected network. SIDD consists of three main components: 1) network-level application
identification, 2) content signature generation and detection, and 3) covert communication detection. Further, we introduce a model implementation of the key components, demonstrating how our system can be deployed. Our approach is based on the application of statistical and signal processing techniques on traffic flow to generate signatures and/or extract features for
classification purposes. The proposed framework aims to address methods to detect, deter and prevent deliberate and unintended distribution of sensitive
content outside the organization using the organization’s system and network resources by a trusted insider.

sdsdsdssdsds

Fine rate control

Rate control plays an important role in regulating the bit rate to meet the bandwidth and storage requirement. Most existing video encoders regulate the bit rate by adjusting the quantization step size. We propose to incorporate a new dimension: the quantization rounding offset into rate control. Particularlly, we present a rate control algorithm with adaptive rounding offsets (ARO) that jointly adjusts the quantization step size and the rounding offset for high bit rate accuracy. Different from the quantization
step size that has a limited number of choices, the rounding offset is a continuously adjustable variable that allows the rate control algorithm to reach any precision in principle. Our extensive experimental results show that the proposed ARO algorithm significantly improves the rate control accuracy at almost no extra computational complexity. Compared with the ?-domain rate control, the ARO algorithm reduces the rate control errors from about 2% to 0.5% for INTRA frames, and 5% to 1.5% for INTER frames. Our experiments also demonstrate that ARO provides with the extra benefit of smoother visual
quality.