Detecting protocol switching covert channels

Wendzel, S. and Zander, S. (2012) Detecting protocol switching covert channels. In: 2012 IEEE 37th Conference on Local Computer Networks (LCN), 22 - 25 October 2012, Clearwater, Florida

Network covert channels enable hidden communication and can be used to break security policies. Within the last years, new techniques for such covert channels arose, including protocol switching covert channels (PSCCs). PSCCs transfer hidden information by sending network packets with different selected network protocols. In this paper we present the first detection methods for PSCCs. We show that the number of packets between network protocol switches and the time between switches can be monitored to detect PSCCs with 98-99% accuracy for bit rates of 4 bits/second or higher.

Publication Type: Conference Paper
