A network covert channel is a mechanism that can be used to leak information across a network in violation of a security policy.In this paper,we first describe an enumerative covert channel existing in MSL networks,and then we propose a model for detecting it.This model caches a certain percentage of static enumerative dataset in advance and a certain percentage of dynamic dataset on the fly to audit the channel,it also inserts bogus packets and disorders query sequence to obscure a Trojan in high security network from identifying partners in low security network.We conclude that the model can audit enumerative channel effectively according to calculation and some experiments.
展开▼