{"id":"https://openalex.org/W2744380163","doi":"https://doi.org/10.1109/isi.2017.8004869","title":"Raising flags: Detecting covert storage channels using relative entropy","display_name":"Raising flags: Detecting covert storage channels using relative entropy","publication_year":2017,"publication_date":"2017-07-01","ids":{"openalex":"https://openalex.org/W2744380163","doi":"https://doi.org/10.1109/isi.2017.8004869","mag":"2744380163"},"language":"en","primary_location":{"id":"doi:10.1109/isi.2017.8004869","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isi.2017.8004869","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE International Conference on Intelligence and Security Informatics (ISI)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5085548279","display_name":"Josephine K. Chow","orcid":null},"institutions":[{"id":"https://openalex.org/I4179309","display_name":"Park University","ror":"https://ror.org/04ngpga37","country_code":"US","type":"education","lineage":["https://openalex.org/I4179309"]},{"id":"https://openalex.org/I66946132","display_name":"University of Maryland, College Park","ror":"https://ror.org/047s2c258","country_code":"US","type":"education","lineage":["https://openalex.org/I66946132"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Josephine Chow","raw_affiliation_strings":["University of Maryland, College Park, College Park, Maryland, US","College Park College Park, University of Maryland, Maryland, US"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Maryland, College Park, College Park, Maryland, US","institution_ids":["https://openalex.org/I66946132"]},{"raw_affiliation_string":"College Park College Park, University of Maryland, Maryland, US","institution_ids":["https://openalex.org/I66946132","https://openalex.org/I4179309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100341802","display_name":"Xiang\u2010Yang Li","orcid":"https://orcid.org/0000-0002-6070-6625"},"institutions":[{"id":"https://openalex.org/I145311948","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95","country_code":"US","type":"education","lineage":["https://openalex.org/I145311948"]},{"id":"https://openalex.org/I4210114877","display_name":"Johns Hopkins Center for Health Security","ror":"https://ror.org/01fhm1y42","country_code":"US","type":"education","lineage":["https://openalex.org/I4210114877"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xiangyang Li","raw_affiliation_strings":["Johns Hopkins University Information, Security Institute, Baltimore, Maryland, US"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Johns Hopkins University Information, Security Institute, Baltimore, Maryland, US","institution_ids":["https://openalex.org/I4210114877","https://openalex.org/I145311948"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5041245378","display_name":"Xenia Mountrouidou","orcid":null},"institutions":[{"id":"https://openalex.org/I204593131","display_name":"College of Charleston","ror":"https://ror.org/00390t168","country_code":"US","type":"education","lineage":["https://openalex.org/I204593131"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xenia Mountrouidou","raw_affiliation_strings":["College of Charleston, Charleston, South Carolina, US"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Charleston, Charleston, South Carolina, US","institution_ids":["https://openalex.org/I204593131"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.2065,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.64141186,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"25","last_page":"30"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9961000084877014,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7755638360977173},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.7075221538543701},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.6084752082824707},{"id":"https://openalex.org/keywords/transmission-control-protocol","display_name":"Transmission Control Protocol","score":0.528253436088562},{"id":"https://openalex.org/keywords/header","display_name":"Header","score":0.4831475615501404},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.48225146532058716},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4466978907585144}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7755638360977173},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.7075221538543701},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.6084752082824707},{"id":"https://openalex.org/C33588617","wikidata":"https://www.wikidata.org/wiki/Q8803","display_name":"Transmission Control Protocol","level":3,"score":0.528253436088562},{"id":"https://openalex.org/C48105269","wikidata":"https://www.wikidata.org/wiki/Q1141160","display_name":"Header","level":2,"score":0.4831475615501404},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.48225146532058716},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4466978907585144}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/isi.2017.8004869","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isi.2017.8004869","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 IEEE International Conference on Intelligence and Security Informatics (ISI)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320310145","display_name":"Johns Hopkins University","ror":"https://ror.org/00za53h95"},{"id":"https://openalex.org/F4320322725","display_name":"China Scholarship Council","ror":"https://ror.org/04atp4p48"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W62210294","https://openalex.org/W2045234005","https://openalex.org/W2120467192","https://openalex.org/W2157852252","https://openalex.org/W2170074829","https://openalex.org/W4285719527","https://openalex.org/W6678081568"],"related_works":["https://openalex.org/W2171597999","https://openalex.org/W2189136227","https://openalex.org/W1866537546","https://openalex.org/W630850086","https://openalex.org/W3200508093","https://openalex.org/W4372053344","https://openalex.org/W3193978431","https://openalex.org/W2988433590","https://openalex.org/W2891706772","https://openalex.org/W2144804944"],"abstract_inverted_index":{"This":[0],"paper":[1],"focuses":[2],"on":[3],"one":[4,169,182],"type":[5],"of":[6,36,53,67,85,107,115,150,178,200,230],"Covert":[7],"Storage":[8],"Channel":[9],"(CSC)":[10],"that":[11,133,214],"uses":[12,91,187],"the":[13,34,50,62,81,86,143,148,173,185,215,228],"6-bit":[14],"TCP":[15,54,63,131],"flag":[16,64],"header":[17],"in":[18,39,56,118,137,141,167],"TCP/IP":[19],"network":[20,37,68],"packets":[21,174],"to":[22,32,41,79,196,219,239],"transmit":[23],"secret":[24],"messages":[25,101,238],"between":[26],"accomplices.":[27],"We":[28,159],"use":[29,128],"relative":[30,144],"entropy":[31,145],"characterize":[33],"irregularity":[35],"flows":[38],"comparison":[40],"normal":[42,45,138,157,221],"traffic.":[43,139],"A":[44],"profile":[46],"is":[47,70,217,234],"created":[48],"by":[49,112,206],"frequency":[51,65,153],"distribution":[52,66,154],"flags":[55,132],"regular":[57,93],"traffic":[58,69,94,224],"packets.":[59,201],"In":[60,77],"detection,":[61,142],"computed":[71],"for":[72,175,236],"each":[73],"unique":[74],"IP":[75,179],"pair.":[76],"order":[78],"evaluate":[80],"accuracy":[82],"and":[83,121,184,222],"efficiency":[84],"proposed":[87],"method,":[88],"this":[89,156],"study":[90],"real":[92],"data":[95,164],"sets":[96],"as":[97,99],"well":[98],"CSC":[100,223,237],"using":[102],"coding":[103],"schemes":[104],"under":[105],"assumptions":[106],"both":[108],"clear":[109],"text,":[110],"composed":[111],"a":[113,151,176,188,194],"list":[114],"keywords":[116],"common":[117],"Unix":[119],"systems,":[120],"encrypted":[122],"text.":[123],"Moreover,":[124],"smart":[125],"accomplices":[126],"may":[127],"only":[129],"those":[130],"are":[134],"ever":[135],"appearing":[136],"Then,":[140],"can":[146],"reveal":[147],"dissimilarity":[149],"different":[152,163],"from":[155],"profile.":[158],"have":[160,212],"also":[161],"used":[162],"processing":[165],"methods":[166],"detection:":[168],"method":[170,216],"summarizes":[171],"all":[172],"pair":[177],"addresses":[180],"into":[181],"flow":[183,195],"other":[186],"sliding":[189],"moving":[190],"window":[191],"over":[192],"such":[193],"generate":[197],"multiple":[198],"frames":[199],"The":[202],"experimentation":[203],"results,":[204],"displayed":[205],"Receiver":[207],"Operating":[208],"Characteristic":[209],"(ROC)":[210],"curves,":[211],"shown":[213],"promising":[218],"differentiate":[220],"packet":[225],"streams.":[226],"Furthermore":[227],"delay":[229],"raising":[231],"an":[232],"alert":[233],"analyzed":[235],"show":[240],"its":[241],"efficiency.":[242]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2020,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}
