Review on covert channel detection methods of TCP/IP header
Keywords:
TCP/IP covert channel, TCP, IP, network security
Abstract
A covert channel is any method of communication that is used to illicitly transfer data, thereby breaking the security policy of a system. A network covert channel is covert communication achieved by hiding covert messages in overt network packets. Any shared resource can potentially be used as a covert channel. In recent years, with the growth of various hiding methods, the network covert channel has become a new kind of threat to network security. A covert channel is an unintended design within legitimate communication whose purpose is to leak information as part of rudimentary protocols. In fact, most detection systems can detect hidden data in the payload, but struggle to cope with data hidden in the IP and TCP packet headers. The huge number of protocols on the Internet makes it seem ideal as a high-bandwidth vehicle for covert communication. Because covert channel applications are unwanted and malicious in nature and pose a serious security threat to the network, covert channels need to be detected efficiently. This paper presents a critical review of TCP/IP covert channel designs and their detection schemes, and proposes a method based on a Naive Bayesian classifier to detect covert channels in the TCP ISN and IP ID fields of TCP/IP packets.
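As an added illustration (not the paper's own code or feature set), the sketch below trains a Gaussian Naive Bayes classifier on the bytes of the TCP ISN and IP ID fields and scores it on constructed traffic. It assumes that normal stacks emit random-looking values and that a hypothetical naive encoder places one ASCII character in each header byte; all function names are illustrative.

```python
import math
import random
import string

def features(isn, ip_id):
    """Six byte-valued features: 4 bytes of the TCP ISN, 2 of the IP ID."""
    return list(isn.to_bytes(4, "big") + ip_id.to_bytes(2, "big"))

def fit(samples):
    """Per-feature mean and variance for one class (Gaussian Naive Bayes)."""
    stats = []
    for col in zip(*samples):
        mean = sum(col) / len(col)
        var = sum((x - mean) ** 2 for x in col) / len(col) + 1e-6  # avoid zero variance
        stats.append((mean, var))
    return stats

def log_likelihood(x, stats):
    """Sum of per-feature Gaussian log densities (features treated as independent)."""
    return sum(-0.5 * math.log(2 * math.pi * var) - (v - mean) ** 2 / (2 * var)
               for v, (mean, var) in zip(x, stats))

def classify(x, model):
    """Return the class label with the highest posterior (equal priors assumed)."""
    return max(model, key=lambda label: log_likelihood(x, model[label]))

# Constructed traffic, not captured data.
ALPHABET = (string.ascii_letters + string.digits).encode()

def normal_packet(rng):
    # Assumption: a normal stack emits uniformly random ISN and IP ID values.
    return features(rng.getrandbits(32), rng.getrandbits(16))

def covert_packet(rng):
    # Hypothetical naive encoder: every header byte carries an ASCII character.
    chars = bytes(rng.choice(ALPHABET) for _ in range(6))
    return features(int.from_bytes(chars[:4], "big"), int.from_bytes(chars[4:], "big"))

def run_demo(seed=1, n_train=500, n_test=500):
    """Train on constructed packets and return (model, accuracy on a held-out set)."""
    rng = random.Random(seed)
    model = {"normal": fit([normal_packet(rng) for _ in range(n_train)]),
             "covert": fit([covert_packet(rng) for _ in range(n_train)])}
    test = [("normal", normal_packet(rng)) for _ in range(n_test)]
    test += [("covert", covert_packet(rng)) for _ in range(n_test)]
    hits = sum(classify(x, model) == label for label, x in test)
    return model, hits / len(test)

if __name__ == "__main__":
    print("accuracy on constructed traffic: %.3f" % run_demo()[1])
```

On real captures the normal class must be fitted to the observed stacks, since many hosts send incrementing or zero IP ID values rather than random ones, and an encoder that mimics the normal distribution will not separate this cleanly.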
License

This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.
