Book chapter, peer-reviewed

A Study on the Covert Channel Detection of TCP/IP Header Using Support Vector Machine

2003; Springer Science+Business Media; Language: English

10.1007/978-3-540-39927-8_29

ISSN

1611-3349

Authors

Taeshik Sohn, Jung Taek Seo, Jongsub Moon

Topic(s)

Advanced Malware Detection Techniques

Abstract

Nowadays, threats to information security have become a big issue in Internet environments. Various security solutions are used as countermeasures to such problems: IDS, firewall and VPN. However, the TCP/IP protocol-based Internet basically has a great vulnerability in the protocol itself. In particular, it is possible to establish a covert channel using TCP/IP header fields such as identification, sequence number, acknowledgement number, timestamp and so on [3]. In this paper, we focus on the covert channels using the identification field of the IP header and the sequence number field of the TCP header. To detect such covert channels, our approach uses a Support Vector Machine, which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could discern the abnormal cases (including covert channels) from normal TCP/IP traffic using a Support Vector Machine.

Reference(s)