Detecting Covert Channels in Computer Networks Based on Chaos Theory

Covert channels via the widely used TCP/IP protocols have become a new challenging issue for network security. In this paper, we analyze the information hiding in TCP/IP protocols and propose a new effective method to detect the existence of hidden information in TCP initial sequence numbers (ISNs), which is known as one of the most difficult covert channels to be detected. Our method uses phase space reconstruction to create a processing space called reconstructed phase space, where a statistical model is proposed for detecting covert channels in TCP ISNs. Based on the model, a classification algorithm is developed to identify the existence of information hidden in ISNs. Simulation results have demonstrated that our proposed detection method outperforms the state-of-the-art technique in terms of high detection accuracy and greatly reduced computational complexity. Instead of offline processing as the state-of-the-art does, our new scheme can be used for online detection.