Efficient Non-Linear Covert Channel Detection in TCP Data Streams

2020 
Cyber-attacks cause losses amounting to billions of dollars every year through data breaches and vulnerabilities. Existing tools for data leakage prevention and detection are often bypassed with sophisticated techniques, such as network steganography, that are used to steal data. This is possible because existing detection systems have several weaknesses that a threat actor can exploit. These weaknesses are high time and memory complexity during training and the need for large training datasets. The challenges grow worse as the amount of data generated every second increases in many realms. In addition, the number of false positives is high, which makes these systems inaccurate. Finally, there is no framework that caters for needs such as raising alerts, monitoring data, and updating or adapting the threshold value used to check data packets for covert data. To overcome these weaknesses, this paper proposes a novel framework that includes continuous data monitoring, threshold maintenance, and alert notification. It also proposes a model based on statistical measures to detect covert data leakage, especially in non-linear chaotic data. The main advantage of the proposed model is its ability to provide results with tolerance/threshold values much more efficiently. Our experiments indicate that the proposed framework has low false positives and outperforms various existing techniques in terms of accuracy and efficiency.