Feature extraction and classification algorithm for detecting complex covert timing channel

Owing to the high variance of legitimate traffic, the detection of Covert Timing Channel (CTC) has become a challenging work. The combination of detection methods based on entropy and corrected conditional entropy has been proved an effective way for the detection against some typical CTCs. However, the methods cannot satisfy the detection of some complex CTCs. In this paper, based on wavelet transform and Support Vector Machine (SVM), a new approach is proposed to detect various kinds of CTCs inclusive of some complex CTCs. Our approach can extract the features of maximum entropies at different wavelet levels and the percentage of energy corresponding to the details at wavelet level 1, and then the features are put into multiclass SVM for classification. Moreover, also our approach is capable of detecting the CTC which has the ability to evade the entropy-based detection method. Finally, a sliding window scheme is successfully designed to detect the complex traffic which several kinds of CTCs are embedded in.