Detecting Network Covert Channels using Machine Learning, Data Mining and Hierarchical Organisation of Frequent Sets
Due to continuing improvements in defensive systems, malware developers create increasingly sophisticated techniques to remain undetected on the infected machine for as long as possible. One flavor of such methods is network covert channels, which transfer secret data through subtle modifications of legitimate network traffic. As there is currently no one-size-fits-all approach that detects covert communication both efficiently and scalably, more research effort is needed to devise a suitable solution. That is why, in this paper, we propose to utilize machine learning and data mining, accompanied by a hierarchical organization of frequent sets, to detect network covert channels, both distributed and undistributed. The obtained experimental results prove that the proposed approach is effective and efficient.
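To make the frequent-set idea concrete, the following is an added illustration written for this page; it is not the paper's code and does not reproduce the paper's actual feature set, hierarchy construction or machine-learning stage. It mines frequent sets of categorical packet-header features Apriori-style from a constructed benign baseline, keeps them organised by set size (level k sets are supersets of level k-1 sets), and scores a new packet by the deepest level at which all members of some frequent set co-occur in it. A packet whose field values never appear together frequently in the baseline lands at a shallow level, which is the kind of "subtle modification of legitimate traffic" a defender would want surfaced for inspection. Feature names (`proto`, `ttl`, `ipid`, `flags`, `len`), their values, the support threshold and the depth threshold are all assumptions chosen for the example.

```python
"""Frequent-set baseline for spotting unusual header-field combinations.

Added illustration, not code from the paper.  Feature names, values,
support and depth thresholds are assumptions made for this example.
"""
from collections import Counter
from itertools import combinations

# Constructed benign baseline: each record is one packet reduced to a few
# categorical header features.  Counts and values are made up.
BASELINE = (
    [{"proto": "tcp", "ttl": "64", "ipid": "inc", "flags": "PA", "len": "mid"}] * 40
    + [{"proto": "tcp", "ttl": "64", "ipid": "inc", "flags": "A", "len": "zero"}] * 30
    + [{"proto": "udp", "ttl": "64", "ipid": "zero", "flags": "-", "len": "small"}] * 20
    + [{"proto": "tcp", "ttl": "128", "ipid": "inc", "flags": "PA", "len": "mid"}] * 10
)


def to_items(record):
    """Turn a feature dict into a set of 'field=value' items."""
    return frozenset(f"{k}={v}" for k, v in record.items())


def mine_frequent_sets(records, min_support):
    """Apriori: return {size: {itemset: relative_support}} for itemsets
    whose support in `records` is >= min_support.  Level k+1 candidates
    are built only from level-k frequent sets (anti-monotone property),
    so the result is a hierarchy of frequent sets ordered by size."""
    baskets = [to_items(r) for r in records]
    n = len(baskets)
    # Level 1: single items
    counts = Counter(item for b in baskets for item in b)
    level = {frozenset([i]): c / n for i, c in counts.items() if c / n >= min_support}
    hierarchy = {}
    k = 1
    while level:
        hierarchy[k] = level
        # Candidate generation: join two level-k sets whose union has k+1
        # items and whose every k-subset is itself frequent.
        candidates = set()
        for a, b in combinations(list(level), 2):
            u = a | b
            if len(u) == k + 1 and all(frozenset(s) in level for s in combinations(u, k)):
                candidates.add(u)
        counts = Counter()
        for b in baskets:
            for c in candidates:
                if c <= b:
                    counts[c] += 1
        level = {c: cnt / n for c, cnt in counts.items() if cnt / n >= min_support}
        k += 1
    return hierarchy


def match_depth(hierarchy, record):
    """Deepest hierarchy level with a frequent set fully contained in the
    record, i.e. how many of its field values are commonly seen together."""
    items = to_items(record)
    depth = 0
    for k in sorted(hierarchy):
        if any(s <= items for s in hierarchy[k]):
            depth = k
    return depth


def flag_unusual(hierarchy, records, min_depth):
    """Return records whose feature combination matches no frequent set
    of at least `min_depth` fields; these deserve a closer look."""
    return [r for r in records if match_depth(hierarchy, r) < min_depth]


if __name__ == "__main__":
    hier = mine_frequent_sets(BASELINE, min_support=0.1)
    for k in sorted(hier):
        print(f"level {k}: {len(hier[k])} frequent sets")
    # Constructed test packets: one benign, one with an unusual IP-ID
    # behaviour, one with several fields that never co-occur in baseline.
    probes = [
        {"proto": "tcp", "ttl": "64", "ipid": "inc", "flags": "PA", "len": "mid"},
        {"proto": "tcp", "ttl": "64", "ipid": "rand", "flags": "PA", "len": "mid"},
        {"proto": "udp", "ttl": "128", "ipid": "rand", "flags": "-", "len": "big"},
    ]
    for p in flag_unusual(hier, probes, min_depth=5):
        print("unusual:", p, "depth", match_depth(hier, p))
```

The depth score is deliberately coarse: a packet whose five fields all co-occur frequently reaches level 5, a packet with a single out-of-baseline field stops at level 4, and a packet combining several rarely co-occurring values stops much earlier. On real traffic the features would be bucketed continuous fields (inter-arrival time, payload size) as well as categorical ones, and the per-level sets would feed a classifier rather than a fixed depth threshold.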