Detecting covert channels in computer networks based on chaos theory

Hong Zhao, Yun Qing Shi

Research output: Contribution to journalArticlepeer-review

38 Scopus citations


Covert channels via the widely used TCP/IP protocols have become a new challenging issue for network security. In this paper, we analyze the information hiding in TCP/IP protocols and propose a new effective method to detect the existence of hidden information in TCP initial sequence numbers (ISNs), which is known as one of the most difficult covert channels to be detected. Our method uses phase space reconstruction to create a processing space called reconstructed phase space, where a statistical model is proposed for detecting covert channels in TCP ISNs. Based on the model, a classification algorithm is developed to identify the existence of information hidden in ISNs. Simulation results have demonstrated that our proposed detection method outperforms the state-of-the-art technique in terms of high detection accuracy and greatly reduced computational complexity. Instead of offline processing as the state-of-the-art does, our new scheme can be used for online detection.

Original languageEnglish (US)
Article number6374677
Pages (from-to)273-282
Number of pages10
JournalIEEE Transactions on Information Forensics and Security
Issue number2
StatePublished - 2013

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


  • Covert channel
  • TCP/IP protocols
  • network steganalysis
  • phase space reconstruction


Dive into the research topics of 'Detecting covert channels in computer networks based on chaos theory'. Together they form a unique fingerprint.

Cite this