TY - GEN
T1 - A phase-space reconstruction approach to detect covert channels in TCP/IP protocols
AU - Zhao, Hong
AU - Shi, Yun Q.
PY - 2010
Y1 - 2010
N2 - Covert channels via the widely used TCP/IP protocols have become a new challenge issue for network security. In this paper, we propose an effective method to detect the existence of hidden information in TCP ISNs (Initial Sequence Numbers), which are known as the most difficult covert channels to be detected. Our method uses phase space reconstruction to characterize dynamic nature of ISNs. A statistical model is then proposed. Based on this proposed model, the classification algorithm is developed to identify the existence of information hidden in ISNs. Simulation results have demonstrated that our proposed detection method outperforms the-state-of-the-art in terms of high detecting accuracy and greatly reduced computational complexity. Instead of off-line processing as the-state-of-the-art does, our new scheme can be used for on-line detection.
AB - Covert channels via the widely used TCP/IP protocols have become a new challenge issue for network security. In this paper, we propose an effective method to detect the existence of hidden information in TCP ISNs (Initial Sequence Numbers), which are known as the most difficult covert channels to be detected. Our method uses phase space reconstruction to characterize dynamic nature of ISNs. A statistical model is then proposed. Based on this proposed model, the classification algorithm is developed to identify the existence of information hidden in ISNs. Simulation results have demonstrated that our proposed detection method outperforms the-state-of-the-art in terms of high detecting accuracy and greatly reduced computational complexity. Instead of off-line processing as the-state-of-the-art does, our new scheme can be used for on-line detection.
UR - http://www.scopus.com/inward/record.url?scp=79952510724&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79952510724&partnerID=8YFLogxK
U2 - 10.1109/WIFS.2010.5711441
DO - 10.1109/WIFS.2010.5711441
M3 - Conference contribution
AN - SCOPUS:79952510724
SN - 9781424490783
T3 - 2010 IEEE International Workshop on Information Forensics and Security, WIFS 2010
BT - 2010 IEEE International Workshop on Information Forensics and Security, WIFS 2010
T2 - 2010 IEEE International Workshop on Information Forensics and Security, WIFS 2010
Y2 - 12 December 2010 through 15 December 2010
ER -