A Dual-Layer Framework for Detecting and Mitigating Covert Timing Channels
Abstract
Covert timing channels pose serious challenges in secure computing environments, where even minor information leaks can lead to severe consequences. These channels exploit subtle timing variations to bypass conventional safeguards such as firewalls, intrusion detection systems, and encryption, making them particularly difficult to identify. In this work, we propose a two-layered detection and mitigation strategy to address this threat. The first layer employs a decision tree classifier supported by well-defined classification rules, while the second layer introduces additional verification measures to strengthen detection accuracy. To evaluate the proposed method, we developed a controlled testbed capable of simulating multiple covert timing channel scenarios. Experimental results show that our approach effectively identifies and limits covert timing activity, even when advanced evasion techniques are applied. This study provides a practical contribution toward improving network resilience and defending critical infrastructures against covert communication threats.