Design of Transport Layer Based Hybrid Covert Channel Detection Engine

TL;DR

This paper presents a new detection engine for hybrid covert channels in transport layer protocols like TCP and SSL, addressing the challenge of identifying hidden malicious communication paths in networks.

Contribution

It introduces a novel detection engine specifically designed for hybrid covert channels in transport layer protocols, enhancing network security measures.

Findings

Effective detection of multi-trapdoor covert channels demonstrated

Improved security against hidden malicious communication in networks

Detection engine applicable to TCP and SSL protocols

Abstract

Computer network is unpredictable due to information warfare and is prone to various attacks. Such attacks on network compromise the most important attribute, the privacy. Most of such attacks are devised using special communication channel called "Covert Channel". The word "Covert" stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within legitimate network communication that clearly violates security policies laid down. The non-transparency in covert channel is also referred to as trapdoor. A trapdoor is unintended design within legitimate communication whose motto is to leak information. Subliminal channel, a variant of covert channel works similarly except that the trapdoor is set in a cryptographic algorithm. A composition of covert channel with subliminal channel is the "Hybrid Covert Channel". Hybrid covert channel is homogenous or heterogeneous mixture of two or more variants of covert channels either active at same instance or at different instances of time. Detecting such malicious channel activity plays a vital role in removing threat to the legitimate network. In this paper, we present a study of multi-trapdoor covert channels and introduce design of a new detection engine for hybrid covert channel in transport layer visualized in TCP and SSL.