Covert channels via the widely used TCP/IP protocols have become a new challenge issue for network security. In this paper, we propose an effective method to detect the existence of hidden information in TCP ISNs (Initial Sequence Numbers), which are known as the most difficult covert channels to be detected. Our method uses phase space reconstruction to characterize dynamic nature of ISNs. A statistical model is then proposed. Based on this proposed model, the classification algorithm is developed to identify the existence of information hidden in ISNs. Simulation results have demonstrated that our proposed detection method outperforms the-state-of-the-art in terms of high detecting accuracy and greatly reduced computational complexity. Instead of off-line processing as the-state-of-the-art does, our new scheme can be used for on-line detection.
展开▼