{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,19]],"date-time":"2025-08-19T10:49:47Z","timestamp":1755600587655,"version":"3.40.3"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030582005"},{"type":"electronic","value":"9783030582012"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58201-2_2","type":"book-chapter","created":{"date-parts":[[2020,9,13]],"date-time":"2020-09-13T23:02:29Z","timestamp":1600038149000},"page":"17-31","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Evaluation of Statistical Tests for Detecting Storage-Based Covert Channels"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8799-0507","authenticated-orcid":false,"given":"Thomas A. V.","family":"Sattolo","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6316-3040","authenticated-orcid":false,"given":"Jason","family":"Jaskolka","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,9,14]]},"reference":[{"key":"2_CR1","unstructured":"Berk, V., Giani, A., Cybenko, G.: Covert channel detection using process query systems. In: 2nd Annual Conference for Network Flow Analysis, September 2005"},{"key":"2_CR2","unstructured":"Berk, V., Giani, A., Cybenko, G.: Detection of covert channel encoding in network packet delays. Technical report TR2005-536, Dartmouth College, Hanover, NH, USA, August 2005"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"Cabuk, S., Brodley, C.E., Shields, C.: IP covert timing channels: design and detection. In: 11th ACM Conference on Computer and Communications Security, pp. 178\u2013187. ACM (2004)","DOI":"10.1145\/1030083.1030108"},{"issue":"4","key":"2_CR4","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1145\/1513601.1513604","volume":"12","author":"S Cabuk","year":"2009","unstructured":"Cabuk, S., Brodley, C.E., Shields, C.: IP covert channel detection. ACM Trans. Inf. Syst. Secur. 12(4), 22 (2009)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"2_CR5","unstructured":"Collin, L.: A quick benchmark: Gzip vs. Bzip2 vs. LZMA (2005). https:\/\/tukaani.org\/lzma\/benchmarks.html. Accessed 22 Oct 2019"},{"issue":"1","key":"2_CR6","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1109\/JSTSP.2012.2237378","volume":"7","author":"V Crespi","year":"2013","unstructured":"Crespi, V., Cybenko, G., Giani, A.: Engineering statistical behaviors for attacking and defending covert channels. IEEE J. Sel. Top. Signal Process. 7(1), 124\u2013136 (2013)","journal-title":"IEEE J. Sel. Top. Signal Process."},{"key":"2_CR7","unstructured":"Garcia, S.: Normal captures (2017). https:\/\/stratosphereips.org. Malware Capture Facility Project"},{"issue":"6","key":"2_CR8","doi-asserted-by":"publisher","first-page":"785","DOI":"10.1109\/TDSC.2010.46","volume":"8","author":"S Gianvecchio","year":"2010","unstructured":"Gianvecchio, S., Wang, H.: An entropy-based approach to detecting covert timing channels. IEEE Trans. Dependable Secure Comput. 8(6), 785\u2013797 (2010)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"2_CR9","unstructured":"Gunadi, H., Zander, S.: Bro covert channel detection (BroCCaDe) framework: design and implementation. Technical report 20171117B, Murdoch University (2017)"},{"key":"2_CR10","unstructured":"Gunadi, H., Zander, S.: Bro covert channel detection (BroCCaDe) framework: scope and background. Technical report 20171117A, Murdoch University (2017)"},{"key":"2_CR11","unstructured":"Gunadi, H., Zander, S.: Extending bro covert channel detection (BroCCaDe) with new plugins. Technical report 20171207A, Murdoch University (2017)"},{"key":"2_CR12","unstructured":"Gunadi, H., Zander, S.: Performance evaluation of the bro covert channel detection (BroCCaDe) framework. Technical report 20180427A, Murdoch University (2018)"},{"key":"2_CR13","doi-asserted-by":"crossref","unstructured":"Jadhav, M., Kattimani, S.: Effective detection mechanism for TCP based hybrid covert channels in secure communication. In: 2011 International Conference on Emerging Trends in Electrical and Computer Technology, pp. 1123\u20131128 (2011)","DOI":"10.1109\/ICETECT.2011.5760288"},{"key":"2_CR14","unstructured":"Jaskolka, J.: Modeling, analysis, and detection of information leakage via protocol-based covert channels. Master\u2019s thesis, McMaster University, Hamilton, ON, Canada, September 2010"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Jaskolka, J., Khedri, R.: Exploring covert channels. In: 44th Hawaii International Conference on System Sciences, pp. 1\u201310, January 2011","DOI":"10.1109\/HICSS.2011.201"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Jaskolka, J., Khedri, R., Sabri, K.: A formal test for detecting information leakage via covert channels. In: 7th Annual Cyber Security and Information Intelligence Research Workshop, pp. 1\u20134, October 2011","DOI":"10.1145\/2179298.2179343"},{"issue":"1","key":"2_CR17","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1214\/aoms\/1177729694","volume":"22","author":"S Kullback","year":"1951","unstructured":"Kullback, S., Leibler, R.: On information and sufficiency. Ann. Math. Stat. 22(1), 79\u201386 (1951)","journal-title":"Ann. Math. Stat."},{"issue":"1","key":"2_CR18","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1109\/TIT.1976.1055501","volume":"22","author":"A Lempel","year":"1976","unstructured":"Lempel, A., Ziv, J.: On the complexity of finite sequences. IEEE Trans. Inf. Theory 22(1), 75\u201381 (1976)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Li, Q., Zhang, P., Chen, Z., Fu, G.: Covert timing channel detection method based on random forest algorithm. In: 17th IEEE International Conference on Communication Technology, pp. 165\u2013171 (2017)","DOI":"10.1109\/ICCT.2017.8359624"},{"key":"2_CR20","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1007\/978-3-642-31513-8_29","volume-title":"Advances in Computing and Information Technology","author":"B Naik","year":"2012","unstructured":"Naik, B., Boddukolu, S., Sujatha, P., Dhavachelvan, P.: Connecting entropy-based detection methods and entropy to detect covert timing channels. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds.) Advances in Computing and Information Technology. AISC, vol. 176, pp. 279\u2013288. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-31513-8_29"},{"key":"2_CR21","unstructured":"Ponemon Institute: 2018 cost of a data breach study: global overview. Technical report, IBM Security (2018)"},{"issue":"1","key":"2_CR22","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/s004220050414","volume":"78","author":"A Porta","year":"1998","unstructured":"Porta, A., et al.: Measuring regularity by means of a corrected conditional entropy in sympathetic outflow. Biol. Cybern. 78(1), 71\u201378 (1998)","journal-title":"Biol. Cybern."},{"key":"2_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-540-39927-8_29","volume-title":"Information and Communications Security","author":"T Sohn","year":"2003","unstructured":"Sohn, T., Seo, J.T., Moon, J.: A study on the covert channel detection of TCP\/IP header using support vector machine. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 313\u2013324. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-39927-8_29"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Tumoian, E., Anikeev, M.: Network based detection of passive covert channels in TCP\/IP. In: 30th IEEE Conference on Local Computer Networks, pp. 802\u2013807 (2005)","DOI":"10.1109\/LCN.2005.92"},{"key":"2_CR25","doi-asserted-by":"crossref","unstructured":"Zhai, J., Liu, G., Dai, Y.: A covert channel detection algorithm based on TCP Markov model. In: 2nd International Conference on Multimedia Information Networking and Security, pp. 893\u2013897 (2010)","DOI":"10.1109\/MINES.2010.190"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Zhao, H., Shi, Y.: A phase-space reconstruction approach to detect covert channels in TCP\/IP protocols. In: 2010 IEEE International Workshop on Information Forensics and Security, pp. 1\u20136 (2010)","DOI":"10.1109\/WIFS.2010.5711441"},{"issue":"3","key":"2_CR27","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1109\/TIT.1977.1055714","volume":"23","author":"J Ziv","year":"1977","unstructured":"Ziv, J., Lempel, A.: A universal algorithm for sequential data compression. IEEE Trans. Inf. Theory 23(3), 337\u2013343 (1977)","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"5","key":"2_CR28","doi-asserted-by":"publisher","first-page":"530","DOI":"10.1109\/TIT.1978.1055934","volume":"24","author":"J Ziv","year":"1978","unstructured":"Ziv, J., Lempel, A.: Compression of individual sequences via variable-rate coding. IEEE Trans. Inf. Theory 24(5), 530\u2013536 (1978)","journal-title":"IEEE Trans. Inf. Theory"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58201-2_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,14]],"date-time":"2024-09-14T00:05:15Z","timestamp":1726272315000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58201-2_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030582005","9783030582012"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58201-2_2","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"14 September 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Maribor","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Slovenia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"35","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sec2020.um.si\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"149","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.88","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5.14","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}