An adaptive approach to detecting behavioural covert channels in IPv6

Salih, A., 2017. An adaptive approach to detecting behavioural covert channels in IPv6. PhD, Nottingham Trent University.

PhD Thesis.pdf - Published version

Abstract

One of the most important techniques in data hiding is the covert channel (Metaferography), which has recently shown potential impacts on network and data security. Encryption can only protect communication from being decoded, whereas a covert channel is the art of hiding information in an overt communication that serves as the carrier. Covert channels are normally used for transferring information stealthily. They are used to leak information across the network and to exfiltrate/infiltrate classified information from legitimate targets. These hidden channels violate network security and privacy policies; they are easy to embed but unlikely, and almost impossible, to be detected.
Despite the obvious improvements in IPv6 components and functionality enhancements, there exist intrinsic security vulnerabilities. These vulnerabilities have ongoing implications for network security and traffic performance. Hence, they will create insecure environments in business and banking networks, information security management and IT security. ICMPv6 is a vital, integral part of IPv6, as is the IPsec protocol; to mitigate and eliminate covert channels, the RFC standards and controls should be investigated intensively. Furthermore, the incomplete implementation of IPv6 on all operating systems today has not explicitly exposed the realm of this security protocol's performance.
In this thesis, we present a novel Hybrid Heuristic Intelligent Algorithm coupled with an enhanced Polynomial Naïve Bayes machine learning algorithm. The framework is implemented in a supervised learning model to detect and classify covert channels in IPv6. The proposed multi-threaded framework acts as an active security warden, processing intelligent information gain and an optimized decision trees technique to address the security vulnerabilities in this new-generation network protocol.
This new approach develops intelligent heuristic techniques for in-depth packet inspection to analyse and examine the header fields of the IPv6 protocol. Some of these fields were designated by the designer for quality of service (QoS) and future performance diagnostic analysis; unfortunately, they are misused by "bad guys and black hats" to perform various network security attacks against vulnerable targets. These attacks cause immediate and ongoing damage to classified data. In order to prevent and mitigate these types of breaches and threat risks, a multi-security prevention model was created. Furthermore, an advanced machine learning technique was implemented to detect, classify and document all current and future unknown anomaly attacks. The suggested HeuBNet6 classifier obtained highly significant results of a 98% detection rate and showed better performance and accuracy, with a good True Positive Rate (TPR) and a low False Positive Rate (FPR).

Item Type: Thesis
Creators: Salih, A.
Date: May 2017
Rights: This thesis is copyright 2017 by Abdulrahman Salih.
Divisions: Schools > School of Science and Technology
Record created by: Linda Sullivan
Date Added: 31 Jul 2017 14:11
Last Modified: 31 Jul 2017 14:14
URI: https://irep.ntu.ac.uk/id/eprint/31334
