New High Secure Network Steganography Method Based on Packet Length

In the network steganography methods based on packet length, the length of the packets is used as a carrier for exchanging secret messages. Existing methods in this area are vulnerable to detections due to abnormal network traffic behaviors. The main goal of this paper is to propose a method which has great resistance to network traffic detections. In the first proposed method, the sender embeds a bit of data in each pair that includes two non-identical packet lengths. In the current situation, if the first packet length of the pair is larger than the second one, it shows a ‘1’ bit, and otherwise, it shows a ‘0’ bit. If the intended bit of the sender is in conflict with the current status, he/she will create the desired status by swapping the packet lengths. In this method, the paired packets can be selected freely, but in the second proposed method, the packets are divided into buckets, and only packets within a single bucket can be paired together. In this case, the embedding method is similar to the previous one. The results show that the second method, despite having low embedding capacity, will be more secure in real traffic compared to the other methods. Since the packet lengths of UDP protocol are more random in comparison to TCP, the proposed methods have higher embedding capacity, and they are more secure for UDP-based packets. However, these methods are only applicable to the protocols in which the packet length has not a constant value.