Date of Award
Doctor of Philosophy (PhD)
Business and Information Systems
Dr. Kyle Cronin
Dr. Michael Ham
Dr. Joshua Stroschein
This quasi-experimental before-and-after study examined the performance impacts of detecting X.509 covert channels in the Suricata intrusion detection system. Relevant literature and previous studies on covert channels and covert channel detection, X.509 certificates, and intrusion detection system performance were evaluated. This study used Jason Reaves’ (2018) X.509 covert channel proof-of-concept code to generate malicious network traffic for detection. Various detection rules for intrusion detection systems were created to aid in the detection of the X.509 covert channel. The central processing unit (CPU) and memory utilization impacts that each rule had on the intrusion detection system were studied and analyzed. Statistically significant results showed that the rules do have an impact on the performance of the system, some more than others. Finally, pathways towards future related research in creating efficient covert channel detection mechanisms were identified.
Welu, Cody, "Evaluating the Impacts of Detecting X.509 Covert Channels" (2019). Masters Theses & Doctoral Dissertations. 334.