Peer-reviewed article

A Network Steganography Lab on Detecting TCP/IP Covert Channels

2016; IEEE Education Society; Volume: 59; Issue: 3; Language: English

10.1109/te.2016.2520400

ISSN

1557-9638

Authors

Tanja Zseby, Félix Iglesias, Valentin Bernhardt, Davor Frkat, Robert Annessi

Topic(s)

Network Security and Intrusion Detection

Abstract

This paper presents a network security laboratory to teach data analysis for detecting TCP/IP covert channels. The laboratory is mainly designed for students of electrical engineering, but is open to students of other technical disciplines with similar background. Covert channels provide a method for leaking data from protected systems, which is a major concern for big enterprises and governments. The inclusion of covert channels in the curricula of network security students and network data analysts is therefore considered a valuable extension. In the lab exercises presented, students learn how covert channels in TCP/IP network traffic can be hidden and detected. Since the detection of covert channels requires an in-depth understanding of protocol standards and typical behavior of TCP/IP flows, the lab also provides a "playground" in which students can deepen their communication networks knowledge. Students learn how to use and interpret statistical analysis to discover abnormal patterns and footprints in network data. They are also trained to deal with noisy scenarios that increase ambiguity and uncertainty. The laboratory was first implemented during the winter semester 2014 with a class of 18 students at TU Wien, Austria. This experience showed that students consolidated the targeted skills as well as increased their interest in the topics explored. All exercises and datasets for the introduced "Network Security Advanced" lab are made publicly available.
