Detection of Covert Channels Over ICMP Protocol

Sirine Sayadi, Tarek Abbes, Adel Bouhoula
2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), 2017
With the growing complexity of networks and communications protocols that become increasingly enormous and extensive, we are confronted with the problem of covert channels, which affect the confidentiality and integrity of data sent in the network. Covert channels, also known as hidden channels, can elude basic security systems such as Intrusion Detection Systems (IDS) and firewalls. We propose in this work a method to monitor and detect the presence of hidden channels that are based on an ... monitoring protocol "Internet Control Message Protocol" (ICMP). We subject the network traffic to a set of verifications ranging from simple field verification to more complex pattern matching operations. To validate our idea, we have installed Ptunnel, a tool that tunnels TCP connections to a remote host using ICMP echo request and reply packets. Our experimental results show the possibility to discover such malicious traffic with high performance.
doi:10.1109/aiccsa.2017.60 dblp:conf/aiccsa/SayadiAB17 fatcat:hpbirws5nnfbrcy4vxsz4cmbce