A DUAL-LOOP ALGORITHM FOR DETECTING AND SUPPRESSING COVERT CHANNELS IN CLOSED SPECIAL-PURPOSE NETWORKS
DOI: https://doi.org/10.31673/2786-8362.2026.012746
Abstract
This article addresses the problem of detecting and
suppressing covert information transmission channels in closed special-purpose networks. It is shown that
traditional methods of passive traffic monitoring have limited effectiveness against an adaptive
attacker and under the deterministic characteristics of closed networks. A two-loop algorithm is proposed, based
on a combination of statistical analysis of network traffic parameters and adaptive control of data
transmission characteristics. The outer loop of the algorithm detects covert channels and estimates their
parameters, while the inner loop actively suppresses them by introducing controlled stochastic
distortions. A mathematical description of the algorithm for the intelligent detection and suppression of
covert information exfiltration channels is presented, the estimation of a covert channel’s
information capacity is formalized, and the results of simulation modeling are reported. It is shown that
the proposed algorithm ensures a significant reduction in the throughput of covert channels with an
acceptable impact on the quality of service for legitimate traffic. For the first time, a nonlinear model of
covert communication channels has been constructed that accounts for adaptive control of countermeasures
against information leakage, leading to a reduction in the probability of sustained APT exfiltration in
special-purpose networks.
Keywords: covert channels, closed channels, exfiltration, special-purpose networks, adaptive
countermeasures, DNS tunneling, dual-loop control, cybersecurity
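The abstract describes the two loops only in words. The following is an added illustration, not the article's algorithm or its nonlinear model. It assumes a binary inter-packet-gap timing channel, an in-line shaper that observes both ingress and egress gaps, uniform jitter as the stochastic distortion, and a proportional controller; every name and parameter value is constructed.

```python
import math
import random

def h2(p):
    """Binary entropy in bits."""
    return 0.0 if p in (0.0, 1.0) else -p * math.log2(p) - (1 - p) * math.log2(1 - p)

def outer_loop(ingress):
    """Detect a two-level gap code: return per-gap symbol labels, level spacing, split point."""
    mid = (min(ingress) + max(ingress)) / 2
    labels = [g > mid for g in ingress]
    hi = [g for g in ingress if g > mid]
    lo = [g for g in ingress if g <= mid]
    spacing = sum(hi) / len(hi) - sum(lo) / len(lo) if hi and lo else 0.0
    return labels, spacing, mid

def residual_capacity(labels, egress, thr):
    """Bits per gap still recoverable at egress, modelled as a binary symmetric channel."""
    p = sum((g > thr) != b for g, b in zip(egress, labels)) / len(labels)
    return 1.0 - h2(min(p, 1.0 - p))

def inner_loop(ingress, labels, mid, target, a_max, gain, rounds, rng):
    """Proportional control of jitter amplitude a (ms), capped at a_max as the QoS budget."""
    a, history = 0.0, []
    for _ in range(rounds):
        egress = [g + rng.uniform(0.0, a) for g in ingress]  # shaper stretches each gap
        # Assume the receiver adapts: its best threshold shifts by the mean jitter a/2.
        c = residual_capacity(labels, egress, mid + a / 2)
        history.append((a, c))
        a = min(a_max, max(0.0, a + gain * (c - target)))
    return history

def simulate(seed=1):
    rng = random.Random(seed)
    bits = [rng.random() < 0.5 for _ in range(4000)]
    # Constructed traffic: 20 ms gap encodes 0, 60 ms encodes 1, 1 ms network noise.
    ingress = [(60.0 if b else 20.0) + rng.gauss(0.0, 1.0) for b in bits]
    labels, spacing, mid = outer_loop(ingress)
    history = inner_loop(ingress, labels, mid, target=0.2, a_max=100.0,
                         gain=40.0, rounds=30, rng=rng)
    return spacing, history

if __name__ == "__main__":
    spacing, history = simulate()
    print(f"estimated level spacing: {spacing:.1f} ms")
    for a, c in history[::5]:
        print(f"jitter {a:6.1f} ms -> residual capacity {c:.3f} bit/gap")
```

In this model, jitter narrower than the level spacing leaves the channel intact, so the controller has to push the amplitude past the spacing estimated by the outer loop before the residual capacity starts to fall.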