http://dx.doi.org/10.13089/JKIISC.2004.14.1.35

A Study on the Covert Channel Detection in the TCP/IP Header based on the Support Vector Machine  

손태식 (Korea University)
서정우 (Korea University)
서정택 (National Security Research Institute)
문종섭 (Korea University)
최홍민 (㈜씨큐브)
Abstract
In today's explosively growing Internet environment, information security is one of the most important considerations. Various security solutions, such as IDSs, firewalls and VPNs, are deployed as countermeasures, but the Internet protocols themselves carry a good deal of vulnerability. In particular, a covert channel can be established using TCP/IP header fields such as the IP identification, the TCP sequence number, the acknowledgement number and the timestamp. In this paper we focus on covert channels that use the identification field of the IP header and the sequence number field of the TCP header. To detect such covert channels we use the Support Vector Machine (SVM), which performs very well on pattern-classification problems. Our experiments showed that the proposed method can distinguish abnormal cases (including covert channels) from normal TCP/IP traffic using the SVM.
Keywords
covert channel; Support Vector Machine; TCP/IP;
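The script below is an added illustration, not the paper's code: the abstract names the IP identification and TCP sequence number fields and the SVM, but does not spell out the paper's features or training procedure, so those here are this example's own assumptions. It encodes one covert byte per packet in the high-order byte of the 16-bit IP ID or the 32-bit TCP initial sequence number (the construction used by Rowland's covert_tcp, reference 1), computes three assumed per-window features over a sequence of header values, trains a linear SVM in the primal by full-batch subgradient descent on constructed normal (counter-based and random) and covert windows, and scores held-out windows. All traffic and the covert messages are constructed in the script, so it runs offline.

```python
"""Rowland-style covert channel in IP ID / TCP ISN and a linear-SVM detector.

Added example, not the paper's code. The feature set, the traffic models,
the SVM trainer and the data are all assumptions made for this illustration.
"""
from __future__ import annotations

import random
import statistics

ID_WIDTH, ISN_WIDTH = 16, 32          # IP identification / TCP sequence number
PRINTABLE = range(0x20, 0x7F)         # printable ASCII, what a text channel carries
ALPHABET = b"abcdefghijklmnopqrstuvwxyz ."  # constructed covert-message alphabet


def encode_field(message: bytes, width: int) -> list[int]:
    """Sender: one covert byte per packet, placed in the field's high-order byte
    (IP ID = byte * 256, ISN = byte * 16777216), low bits left zero."""
    shift = width - 8
    return [b << shift for b in message]


def decode_field(values: list[int], width: int) -> bytes:
    """Receiver: recover the high-order byte of each observed header value."""
    shift = width - 8
    return bytes((v >> shift) & 0xFF for v in values)


def incrementing_ids(n: int, rng: random.Random, width: int) -> list[int]:
    """Normal host model (assumed): a per-packet counter with wrap-around."""
    start = rng.randrange(1 << width)
    return [(start + i) % (1 << width) for i in range(n)]


def random_ids(n: int, rng: random.Random, width: int) -> list[int]:
    """Normal host model (assumed): uniformly random field values."""
    return [rng.randrange(1 << width) for _ in range(n)]


def window_features(values: list[int], width: int) -> list[float]:
    """Three assumed features for a window of header values:
    f1: fraction of values whose bits below the top byte are all zero
    f2: mean absolute successive delta, scaled to [0, 1]
    f3: fraction of values whose top byte is printable ASCII"""
    shift = width - 8
    full = (1 << width) - 1
    low_mask = (1 << shift) - 1
    f1 = sum((v & low_mask) == 0 for v in values) / len(values)
    deltas = [abs(b - a) for a, b in zip(values, values[1:])]
    f2 = statistics.fmean(deltas) / full if deltas else 0.0
    f3 = sum(((v >> shift) & 0xFF) in PRINTABLE for v in values) / len(values)
    return [f1, f2, f3]


def build_dataset(rng: random.Random, width: int, n_per_class=30, win=32):
    """Constructed, balanced data: +1 = covert window, -1 = normal window."""
    xs, ys = [], []
    for i in range(n_per_class):
        msg = bytes(rng.choice(ALPHABET) for _ in range(win))
        xs.append(window_features(encode_field(msg, width), width)); ys.append(1)
        normal = incrementing_ids if i % 2 else random_ids
        xs.append(window_features(normal(win, rng, width), width)); ys.append(-1)
    return xs, ys


def train_svm(xs, ys, lam=0.01, eta=0.1, epochs=3000):
    """Linear SVM in the primal: minimise lam/2*|w|^2 + mean hinge loss by
    full-batch subgradient descent. Returns (w, b)."""
    n, d = len(xs), len(xs[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [lam * wi for wi in w], 0.0
        for x, y in zip(xs, ys):
            if y * (sum(wi * xi for wi, xi in zip(w, x)) + b) < 1.0:  # margin violator
                for j in range(d):
                    gw[j] -= y * x[j] / n
                gb -= y / n
        w = [wi - eta * gi for wi, gi in zip(w, gw)]
        b -= eta * gb
    return w, b


def decision(model, x: list[float]) -> float:
    """Signed distance-like score; > 0 means 'covert'."""
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def accuracy(model, xs, ys) -> float:
    return sum((decision(model, x) > 0) == (y > 0) for x, y in zip(xs, ys)) / len(xs)


def demo(width: int = ID_WIDTH, seed: int = 1) -> float:
    """Train on one constructed set, return accuracy on a second, held-out set."""
    rng = random.Random(seed)
    train_x, train_y = build_dataset(rng, width)
    test_x, test_y = build_dataset(rng, width)
    return accuracy(train_svm(train_x, train_y), test_x, test_y)


if __name__ == "__main__":
    print("round trip:", decode_field(encode_field(b"hello", ID_WIDTH), ID_WIDTH))
    print("IP ID held-out accuracy:", demo(ID_WIDTH))
    print("TCP ISN held-out accuracy:", demo(ISN_WIDTH))
```

The separating feature is f1: a byte placed in the top byte leaves the remaining bits zero in every packet, whereas a counter or random generator hits that pattern in roughly 1 of 256 packets (1 of 2^24 for a 32-bit ISN). Real covert_tcp traffic and real hosts are noisier than these models; the script shows the SVM pipeline, not the paper's measured detection rate.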