A phase-space reconstruction approach to detect covert channels in TCP/IP protocols

Hong Zhao, Yun Q. Shi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Scopus citations

Abstract

Covert channels via the widely used TCP/IP protocols have become a new challenge issue for network security. In this paper, we propose an effective method to detect the existence of hidden information in TCP ISNs (Initial Sequence Numbers), which are known as the most difficult covert channels to be detected. Our method uses phase space reconstruction to characterize dynamic nature of ISNs. A statistical model is then proposed. Based on this proposed model, the classification algorithm is developed to identify the existence of information hidden in ISNs. Simulation results have demonstrated that our proposed detection method outperforms the-state-of-the-art in terms of high detecting accuracy and greatly reduced computational complexity. Instead of off-line processing as the-state-of-the-art does, our new scheme can be used for on-line detection.

Original languageEnglish (US)
Title of host publication2010 IEEE International Workshop on Information Forensics and Security, WIFS 2010
DOIs
StatePublished - 2010
Event2010 IEEE International Workshop on Information Forensics and Security, WIFS 2010 - Seattle, WA, United States
Duration: Dec 12 2010Dec 15 2010

Publication series

Name2010 IEEE International Workshop on Information Forensics and Security, WIFS 2010

Other

Other2010 IEEE International Workshop on Information Forensics and Security, WIFS 2010
Country/TerritoryUnited States
CitySeattle, WA
Period12/12/1012/15/10

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'A phase-space reconstruction approach to detect covert channels in TCP/IP protocols'. Together they form a unique fingerprint.

Cite this