Bandwidth and Detection of Packet Length Covert Channels

Abstract

This thesis explores the detectability and robustness of packet length covert channels. We discovered that packet length covert channels, where a rogue user modulates the length of a Transport Control Protocol packet, can be detected while monitoring traffic of a large network. Using statistical inference, the bandwidth of these channels can be successfully estimated and the channels themselves detected. In addition, we observed that there is an inverse relationship between the volitionality in networks with respect to packet lengths and the detectability of these channels, and between packet length and channel bandwidth. For a large network like a college department, the bandwidth of a covert channel could be in the tens of megabytes over the course of a day.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2011
Accession Number
ADA543860

Entities

People

  • Derek J. Dye

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computer Networks
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Databases
  • Detection
  • Information Science
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Local Area Networks
  • Network Architecture
  • Network Protocols
  • Network Science
  • Operating Systems
  • Statistical Analysis

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Image Processing and Computer Vision
  • Regression Analysis

Technology Areas

  • AI & ML