Title :
Network Based Detection of Passive Covert Channels in TCP/IP
Author :
Tumoian, Eugene ; Anikeev, Maxim
Author_Institution :
Dept. of Inf. Security, Taganrog State Univ. of Radio Eng.
Abstract :
A new method of covert channel detection in the initial sequence number (ISN) of TCP/IP is proposed in the paper. The detection is based on the ISN generation model of the original OS. Whenever any statistical deviations of an ISN network packet from the ISN model are discovered, it is considered that this ISN packet is generated by malicious software that tries to create a covert channel. The method was tested using experimental data generated by the NUSHU covert channel creation tool, which was developed by Joanna Rutkowska.
Keywords :
computer networks; transport protocols; TCP/IP; initial sequence number; network based detection; passive covert channels; Data communication; Information security; Intelligent networks; Kernel; Linux; Protocols; TCPIP; Testing; Workstations; World Wide Web
Conference_Title :
Local Computer Networks, 2005. 30th Anniversary. The IEEE Conference on
Conference_Location :
Sydney, NSW
Print_ISBN :
0-7695-2421-4
DOI :
10.1109/LCN.2005.92