Abstract
Nowadays, threats of information security have become a big issue in internet environments. Various security solutions are used as such problems’ countermeasure; IDS, Firewall and VPN. However, a TCP/IP protocol based Internet basically has great vulnerability of protocol itself. It is especially possible to establish a covert channel using TCP/IP header fields such as identification, sequence number, acknowledgement number, timestamp and so on [3]. In this paper, we focus on the covert channels using identification field of IP header and the sequence number field of TCP header. To detect such covert channels, our approach uses a Support Vector Machine which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could discern the abnormal cases(including covert channels) from normal TCP/IP traffic using a Support Vector Machine.
This research is supported by Korea University Grant
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
U.S. Department Of Defence, Trusted Computer System Criteria (1985)
McHugh, J.: Covert Channel Analysis, Portland State University (1995)
Rowland, C.H.: Covert Channels in the TCP/IP protocol suite (1996) (first Monday)
Vapnik, V.: The Nature of Statistical Learning Theory. Springer, New York (1995)
Bueges, C.J.C.: A Tutorial on Support Vector Machines for Patter Recognition. Data Mining and Knowledge Discovery, Boston (1988)
Cortes, C., Vapnik, V.: Support Vector Network. Machine Learning 20, 273–279 (1995)
Cristianini, N., Shawe-Taylor, J.: An Introduction to Support Vector Machines. Cambridge University Press, Cambridge (2000)
Schölkopf, B., Sung, K.K., Burges, C., Girosi, F., Poggio, T., Vapnik, V.: Comparing support vector machines with Gaussian kernels to radial basis function classifiers. IEEE Transactions on Signal Processing 45(11), 2758–2765 (1997)
Campbell, C., Cristianini, N.: Simple Learning Algorithms for Training Support Vector Machines (1998)
Bellovin, S.M.: Security Problems in the TCP/IP protocol suite. Computer Communication Reviews 19(2), 32–48 (1989)
Mukkamala, S., et al.: Intrusion Detection Using Neural Networks and Support Vector Machines. In: Proceedings of IEEE IJCNN, May 2002, pp. 1702–1707 (2002)
Denning, D.E.: An Intrusion Detection Model. IEEE Transactions on SEÂ (2), 222 (1997)
Pontil, M., Verri, A.: Properties of Support Vector Machines. A.I. Memo No. 1612; CBCL paper No. 152, MIT, Cambridge (1997)
Joachmims, T.: mySVM – a Support Vector Machine, University Dortmund
Giffin, J.: Covert Messaging Through TCP Timestamps. PET 2002 (2000)
Forouzan, B.A.: TCP/IP Protocol Suite. McGraw-Hill, New York
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sohn, T., Seo, J., Moon, J. (2003). A Study on the Covert Channel Detection of TCP/IP Header Using Support Vector Machine. In: Qing, S., Gollmann, D., Zhou, J. (eds) Information and Communications Security. ICICS 2003. Lecture Notes in Computer Science, vol 2836. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39927-8_29
Download citation
DOI: https://doi.org/10.1007/978-3-540-39927-8_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20150-2
Online ISBN: 978-3-540-39927-8
eBook Packages: Springer Book Archive