Date of Award
Spring 3-2019
Document Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
Department
Business and Information Systems
First Advisor
Dr. Kyle Cronin
Second Advisor
Dr. Michael Ham
Third Advisor
Dr. Joshua Stroschein
Abstract
This quasi-experimental before-and-after study examined the performance impacts of detecting X.509 covert channels in the Suricata intrusion detection system. Relevant literature and previous studies surrounding covert channels and covert channel detection, X.509 certificates, and intrusion detection system performance were evaluated. This study used Jason Reaves’ (2018) X.509 covert channel proof-of-concept code to generate malicious network traffic for detection. Various detection rules for intrusion detection systems were created to aid in the detection of the X.509 covert channel. The central processing unit (CPU) and memory utilization impacts that each rule had on the intrusion detection system were studied and analyzed. Statistically significant results showed that the rules do have an impact on the performance of the system, some more than others. Finally, pathways towards future related research in creating efficient covert channel detection mechanisms were identified.
Recommended Citation
Welu, Cody, "Evaluating the Impacts of Detecting X.509 Covert Channels" (2019). Masters Theses & Doctoral Dissertations. 334.
https://scholar.dsu.edu/theses/334
Included in
Information Security Commons, Other Computer Sciences Commons, Software Engineering Commons, Systems Architecture Commons