The capacity of undetectable on/off covert channel

4Citations
Citations of this article
1Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Almost all modern computer networks are based on TCP/IP protocol suite. However, structure features of IP allow constructing covert channels with high capacity using modification of inter-packets delays, packets’ header fields and packets lengths. A technique to eliminate such channels is traffic normalization which means sending packets with equal lengths and fixed header fields with equal inter-packets delays that leads to significant decreasing of efficient communication channels capacity and missing of functional capabilities of network protocols. Another way to counteract covert channel is to detect an active channel. Nevertheless, an attacker can reduce the covert channel capacity purposely to make it undetectable. We investigate on/off covert channel and give recommendations to choose the parameters of ε-similarity detection method with specified threshold values of covert channels capacity.

Cite

CITATION STYLE

APA

Epishkina, A., Finoshin, M., & Kogos, K. (2016). The capacity of undetectable on/off covert channel. In Lecture Notes in Electrical Engineering (Vol. 376, pp. 641–650). Springer Verlag. https://doi.org/10.1007/978-981-10-0557-2_63

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free