Visible to the public Packet Length Covert Channel: A Detection Scheme

TitlePacket Length Covert Channel: A Detection Scheme
Publication TypeConference Paper
Year of Publication2018
AuthorsElsadig, M. A., Fadlalla, Y. A.
Conference Name2018 1st International Conference on Computer Applications Information Security (ICCAIS)
Keywordscommunication channel, Communication channels, compositionality, content development, content-based features, covert channel, covert channels, covert traffic, detection, elimination, feature extraction, frequency-based features, illegal information flow, learning (artificial intelligence), machine learning, machine learning based detection scheme, network protocols, normal terrific, packet length covert channel, packet radio networks, packet size covert channel, Prevention, Protocols, Receivers, reliability, resilience, Scalability, security, security attack, system security policies, telecommunication channels, telecommunication security, telecommunication traffic, undetectable network covert channels
AbstractA covert channel is a communication channel that is subjugated for illegal flow of information in a way that violates system security policies. It is a dangerous, invisible, undetectable, and developed security attack. Recently, Packet length covert channel has motivated many researchers as it is a one of the most undetectable network covert channels. Packet length covert channel generates a covert traffic that is very similar to normal terrific which complicates the detection of such type of covert channels. This motivates us to introduce a machine learning based detection scheme. Recently, a machine learning approach has proved its capability in many different fields especially in security field as it usually brings up a reliable and realistic results. Based in our developed content and frequency-based features, the developed detection scheme has been fully trained and tested. Our detection scheme has gained an excellent degree of detection accuracy which reaches 98% (zero false negative rate and 0.02 false positive rate).
DOI10.1109/CAIS.2018.8442026
Citation Keyelsadig_packet_2018