Detection of attacks on cognitive channels

This thesis introduces a variety of novel approaches to modeling and detecting attacks on cognitive channels. A cognitive channel is the communication channel between a person and the information technology used. An attack on a cognitive channel exploits the vulnerabilities between the user, her perception of the information system, and the actual underlying technology. The vulnerabilities are in the gap between the user's mental model of the information system and its actual implementation. The sophistication of modern information systems and their growing presence in human activities have made these channels attractive targets. Traditional computer security protection and attack detection approaches focus mainly on technical vulnerabilities. Cognitive channels are increasingly the weak links in an information system because traditional technical vulnerabilities are being fixed. This has created a significant gap between computer security technology and the threat space. Modern cognitive channel attacks, such as Cognitive Hacking and Phishing, are in fact complex processes that can be detected and tracked. An effective approach to defending against cognitive channel attacks therefore involves accurate process modeling and the development of new attack models based on processes. We have identified, implemented and evaluated several approaches based on the Process Query System paradigm for detecting binary covert channels embedded in inter-packet delays and for detecting multi-stage Phishing attacks. This work also introduces the basis for a statistical theory of covert communication that can be used to estimate the amount of undetectable information transmitted through a covert channel.