59 research outputs found

    Detecting Selected Network Covert Channels Using Machine Learning

    Network covert channels break a computer's security policy to establish a stealthy communication. They are a threat being increasingly used by malicious software. Most previous studies on detecting network covert channels using Machine Learning (ML) were tested with a dataset that was created using one single covert channel tool and also are ineffective at classifying covert channels into patterns. In this paper, selected ML methods are applied to detect popular network covert channels. The capacity of detecting and classifying covert channels with high precision is demonstrated. A dataset was created from nine standard covert channel tools and the covert channels are then accordingly classified into patterns and labelled. Half of the generated dataset is used to train three different ML algorithms. The remaining half is used to verify the algorithms' performance. The tested ML algorithms are Support Vector Machines (SVM), k-Nearest Neighbors (k-NN) and Deep Neural Networks (DNN). The k-NN model demonstrated the highest precision rate at 98% detection of a given covert channel and with a low false positive rate of 1%.

    Mobile Agents for Detecting Network Attacks Using Timing Covert Channels

    This article addresses the problem of network attacks using steganographic techniques based on the manipulation of time relationships between IP packets. In the study, an efficient method to detect such attacks is presented. The proposed algorithm is based on the Change Observation Theory, and employs two types of agents: base and flying ones. The agents observe the time parameters of the network traffic, using proposed meta-histograms and trained machine learning algorithms, in the node where they were installed. The results of experiments using various machine learning algorithms are presented and discussed. The study showed that the Random Forest and MLP classifiers achieved the best detection results, yielding an area under the ROC curve (AUC) above 0.85 for the evaluation data. We showed a proof-of-concept for an attack detection method that combined the classification algorithm, the proposed anomaly metrics and the mobile agents. We claim that due to a unique feature of self-regulation, realized by destroying unnecessary agents, the proposed method can establish a new type of multi-agent intrusion detection system that can be applied to a wider group of IT systems.

    Data Hiding and Its Applications

    Data hiding techniques have been widely used to provide copyright protection, data integrity, covert communication, non-repudiation, and authentication, among other applications. In the context of the increased dissemination and distribution of multimedia content over the internet, data hiding methods, such as digital watermarking and steganography, are becoming increasingly relevant in providing multimedia security. The goal of this book is to focus on the improvement of data hiding algorithms and their different applications (both traditional and emerging), bringing together researchers and practitioners from different research fields, including data hiding, signal processing, cryptography, and information theory, among others

    To what degree have the non-police public services adopted the National Intelligence Model? : what benefits could the National Intelligence Model deliver?

    It is claimed that the National Intelligence Model (NIM) consolidated intelligence-led policing principles in investigative practice and decision making in British policing. Subsequently, encouraged by the Home Office, the NIM was adopted by a number of other public services with an investigative capability. However, that transfer took place without a sufficiently rigorous evaluation of the model’s value to the police service and without any meaningful analysis of its relevance to the investigative functions of other public sector agencies. This research examined the adoption of the NIM by three public sector bodies: The Department for Work and Pensions (DWP), The Identity and Passport Service (IPS) and the Driving Standards Agency (DSA). It drew on archival materials, associated literature and the analysis of semi-structured interviews with the personnel of these and associated agencies. Research respondents also assessed a simplified version of the NIM that was designed to remove many of the original model’s inconsistencies and ambiguities. The research identified that the reviewed public services are not compliant with the NIM minimum standards and that the model has not delivered any meaningful improvement in the consistency of process, investigative efficiency, improved partnership working, or in fraud reduction in those agencies. The NIM failed because of perceived complexity, the language of the model and supplementary guidance; its exclusive ‘fit’ with the police; and a suspicion by the agencies’ personnel that its adoption was intended as a performance management and governance tool. Moreover, the revised version of the NIM’s minimum standards did not improve comprehension or conformity, or resolve the model’s perceived police bias. 
It was concluded that the model is not fit for purpose for the agencies studied and that an alternative model that is more finely tuned to the needs of those agencies is required. EThOS - Electronic Theses Online Service (GB)

    Religion, Resistance and New Horizons of Nationhood: A Study of Hizbullah’s Promotional Communication (2006-2018)

    This thesis draws on the conceptual tools of communication theory, and on studies of promotion and branding, to examine Hizbullah’s communication strategy and the way the Party has promoted its identity, values and nationalist discourses in the period between 2006 and 2018. To do so, it examines five different sites including buildings and leisure sites in Dahiya, ʿAshura rituals and their mediation on al-Manar, ʿAshura posters, and children’s magazines and television programming. By paying particular attention to Hizbullah’s religious channels and activities such as ʿAshura rituals and posters, and treating them as part and parcel of the Party’s political communication strategies, the thesis emphasises an aspect of the Party’s communication practices that has so far remained largely overlooked. It understands the Party’s communication channels as educational and socialising agencies that seek to create and maintain Hizbullah’s religio-politico nation and to ensure the Party’s survival within an increasingly tense regional political environment. The thesis’s focus on the specific time period from the 2006 war with Israel until the present day shows that Hizbullah is expanding its resistance and nationalist discourses as it attempts to appeal to a wider local, Muslim, Arab and regional audience. The thesis argues that the Party does this as a tactical and pre-emptive calculation to gain support for a regional war yet to come with Israel. It draws on the modernist and ethno-symbolist schools of nationalism and argues that both are necessary in order to understand the Party’s multiple nationalisms. However, the thesis argues that core to Hizbullah’s nationalism is one centred around its religio-politico nation that adopts the Karbala battle for resistance activities against whatever Yazid that is declared. Hence, resistance and religion are intertwined within the Party’s discourse
