Advertisement

Support Vector Machine Based ICMP Covert Channel Attack Detection

  • Taeshik Sohn
  • Taewoo Noh
  • Jongsub Moon
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)

Abstract

TCP/IP protocol basically have much vulnerability in protocol itself. Specially, ICMP is ubiquitous to almost every TCP/IP based network. Thereupon, many networks consider ICMP traffic to be benign and will allow it to be passed through, unmolested. So, attackers can tunnel(covert channel) any information they want through it. To detect an ICMP covert channel, we use SVM which has excellent performance in pattern classification. Our experiments show that the proposed method can detect an ICMP covert channel among normal ICMP traffic using SVM.

Keywords

Support Vector Machine Normal Packet Covert Channel Port Vector Machine Information Security Technology 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    McHugh, J.: Covert Channel Analysis. Portland State University (1995)Google Scholar
  2. 2.
    Loki: ICMP Tunneling, daemon9. Pharack Magazine 6(49)Google Scholar
  3. 3.
    Vapnik, V.: The Nature of Statistical Learning Theory. Springer, Heidelberg (1995)zbMATHGoogle Scholar
  4. 4.
    Bellovin, S.M.: Security Problems in the TCP/IP protocol suite. Computer Communication Reviews 19(2), 32–48 (1989)CrossRefGoogle Scholar
  5. 5.
    Mukkamala, S., Janowski, G.: Intrusion Detection Using Neural Networks and Support Vector Machines. In: Proceedings of IEEE IJCNN, pp. 1702–1707 (May 2002)Google Scholar
  6. 6.
    Joachmims, T.: mySVM - a Support Vector Machine. Univerity DortmundGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Taeshik Sohn
    • 1
  • Taewoo Noh
    • 1
  • Jongsub Moon
    • 1
  1. 1.Center for Information Security TechnologiesKorea UniversitySeoulKorea

Personalised recommendations