Detection of Covert Channels Over ICMP Protocol
Author: | Adel Bouhoula, Sirine Sayadi, Tarek Abbes |
---|---|
Contributors: | High School of Communication of Tunis (Sup'com), Université de Carthage - University of Carthage, Université de Sfax - University of Sfax |
Language: | English |
Year of publication: | 2017 |
Subject: | Echo (communications protocol); Computer science; 0211 other engineering and technologies; Covert channel; 02 engineering and technology; Intrusion detection system; [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI]; Internet Control Message Protocol; [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]; [SPI]Engineering Sciences [physics]; 0202 electrical engineering electronic engineering information engineering; ICMP protocol; 021110 strategic defence & security studies; SIMPLE (military communications protocol); Network packet; business.industry; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; Traffic analysis; 020206 networking & telecommunications; Tunneling Detection; Storage Channel; Network Security; ICMP Tunneling; [INFO.INFO-BI]Computer Science [cs]/Bioinformatics [q-bio.QM]; business; Communications protocol; Host (network); Computer network |
Source: | 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), Oct 2017, Hammamet, Tunisia. pp.1247-1252, ⟨10.1109/AICCSA.2017.60⟩ |
DOI: | 10.1109/AICCSA.2017.60 |
Description: | With the growing complexity of networks and communications protocols that become increasingly enormous and extensive, we are confronted with the problem of covert channels, which affect the confidentiality and integrity of data sent in the network. Covert channels, also known as hidden channels, can elude basic security systems such as Intrusion Detection Systems (IDS) and firewalls. We propose in this work a method to monitor and detect the presence of hidden channels that are based on an essential monitoring protocol, the "Internet Control Message Protocol" (ICMP). We subject the network traffic to a set of verifications ranging from simple field verification to more complex pattern matching operations. To validate our idea, we have installed Ptunnel, a tool that allows tunneling TCP connections to a remote host using ICMP echo request and reply packets. Our experimental results show the possibility to discover such malicious traffic with high performance. |
Database: | OpenAIRE |