| Title | Evaluation of the IP Identification Covert Channel Anomalies Using Support Vector Machine |
| Publication Type | Conference Paper |
| Year of Publication | 2021 |
| Authors | Shehab, Manal, Korany, Noha, Sadek, Nayera |
| Conference Name | 2021 IEEE 26th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD) |
| Date Published | oct |
| Keywords | composability, compositionality, Computational modeling, Conferences, covert channel, covert channels, detection, Entropy, feature extraction, IP Identification (IP ID), IP networks, PCA, pubcrawl, resilience, Resiliency, Scalability, support vector machine (SVM), Support vector machines |
| Abstract | IP Identification (IP ID) is an IP header field that identifies a data packet in the network to distinguish its fragments from others during the reassembly process. Random generated IP ID field could be used as a covert channel by embedding hidden bits within it. This paper uses the support vector machine (SVM) while enabling a features reduction procedure for investigating to what extend could the entropy feature of the IP ID covert channel affect the detection. Then, an entropy-based SVM is employed to evaluate the roles of the IP ID covert channel hidden bits on detection. Results show that, entropy is a distinct discrimination feature in classifying and detecting the IP ID covert channel with high accuracy. Additionally, it is found that each of the type, the number and the position of the hidden bits within the IP ID field has a specified influence on the IP ID covert channel detection accuracy. |
| DOI | 10.1109/CAMAD52502.2021.9617790 |
| Citation Key | shehab_evaluation_2021 |
Evaluation of the IP Identification Covert Channel Anomalies Using Support Vector Machine