Title :
A phase-space reconstruction approach to detect covert channels in TCP/IP protocols
Author :
Zhao, Hong ; Shi, Yun Q.
Author_Institution :
Sch. of Comput. Sci. & Eng., Fairleigh Dickinson Univ., Teaneck, NJ, USA
Abstract :
Covert channels via the widely used TCP/IP protocols have become a new challenge issue for network security. In this paper, we propose an effective method to detect the existence of hidden information in TCP ISNs (Initial Sequence Numbers), which are known as the most difficult covert channels to be detected. Our method uses phase space reconstruction to characterize dynamic nature of ISNs. A statistical model is then proposed. Based on this proposed model, the classification algorithm is developed to identify the existence of information hidden in ISNs. Simulation results have demonstrated that our proposed detection method outperforms the-state-of-the-art in terms of high detecting accuracy and greatly reduced computational complexity. Instead of off-line processing as the-state-of-the-art does, our new scheme can be used for on-line detection.
Keywords :
computational complexity; statistical analysis; telecommunication security; transport protocols; wireless channels; TCP-IP protocols; computational complexity; covert channel detection; initial sequence numbers; network security; online detection; phase-space reconstruction approach; statistical model; Accuracy; IP networks; Internet; Law; Protocols; Support vector machines; Training;
Conference_Titel :
Information Forensics and Security (WIFS), 2010 IEEE International Workshop on
Conference_Location :
Seattle, WA
Print_ISBN :
978-1-4244-9078-3
DOI :
10.1109/WIFS.2010.5711441
