Covert channel detection in the ICMP payload using support vector machine

Taeshik Sohn; Jongsub Moon; Sangjin Lee; Dong Hoon Lee; Jongin Lim

doi:10.1007/978-3-540-39737-3_103

Covert channel detection in the ICMP payload using support vector machine

Taeshik Sohn, Jongsub Moon, Sangjin Lee, Dong Hoon Lee, Jongin Lim

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Chapter

23 Citations (Scopus)

Abstract

ICMP traffic is ubiquitous to almost TCP/IP based network. As such, many network devices consider ICMP traffic to be benign and will allow it to pass through, unmolested. So, attackers can generate arbitrary information tunneling in the payload of ICMP packets. To detect a ICMP covert channel, we used SVM which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could detect the ICMP covert channel from normal ICMP traffic using SVM.

Original language	English
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Editors	Adnan Yazici, Cevat Sener
Publisher	Springer Verlag
Pages	828-835
Number of pages	8
ISBN (Print)	3540204091, 9783540397373
DOIs	https://doi.org/10.1007/978-3-540-39737-3_103
Publication status	Published - 2003

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	2869
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-540-39737-3_103

Cite this

Sohn, T., Moon, J., Lee, S., Lee, D. H., & Lim, J. (2003). Covert channel detection in the ICMP payload using support vector machine. In A. Yazici, & C. Sener (Eds.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (pp. 828-835). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2869). Springer Verlag. https://doi.org/10.1007/978-3-540-39737-3_103

Covert channel detection in the ICMP payload using support vector machine. / Sohn, Taeshik; Moon, Jongsub; Lee, Sangjin et al.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). ed. / Adnan Yazici; Cevat Sener. Springer Verlag, 2003. p. 828-835 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2869).

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Sohn, T, Moon, J, Lee, S , Lee, DH & Lim, J 2003, Covert channel detection in the ICMP payload using support vector machine. in A Yazici & C Sener (eds), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2869, Springer Verlag, pp. 828-835. https://doi.org/10.1007/978-3-540-39737-3_103

Sohn T, Moon J, Lee S , Lee DH , Lim J. Covert channel detection in the ICMP payload using support vector machine. In Yazici A, Sener C, editors, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Springer Verlag. 2003. p. 828-835. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-39737-3_103

Sohn, Taeshik ; Moon, Jongsub ; Lee, Sangjin et al. / Covert channel detection in the ICMP payload using support vector machine. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). editor / Adnan Yazici ; Cevat Sener. Springer Verlag, 2003. pp. 828-835 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{4e4a7918f1c74801bbcd6c9f1e5047d3,

title = "Covert channel detection in the ICMP payload using support vector machine",

abstract = "ICMP traffic is ubiquitous to almost TCP/IP based network. As such, many network devices consider ICMP traffic to be benign and will allow it to pass through, unmolested. So, attackers can generate arbitrary information tunneling in the payload of ICMP packets. To detect a ICMP covert channel, we used SVM which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could detect the ICMP covert channel from normal ICMP traffic using SVM.",

author = "Taeshik Sohn and Jongsub Moon and Sangjin Lee and Lee, {Dong Hoon} and Jongin Lim",

year = "2003",

doi = "10.1007/978-3-540-39737-3_103",

language = "English",

isbn = "3540204091",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "828--835",

editor = "Adnan Yazici and Cevat Sener",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - CHAP

T1 - Covert channel detection in the ICMP payload using support vector machine

AU - Sohn, Taeshik

AU - Moon, Jongsub

AU - Lee, Sangjin

AU - Lee, Dong Hoon

AU - Lim, Jongin

PY - 2003

Y1 - 2003

N2 - ICMP traffic is ubiquitous to almost TCP/IP based network. As such, many network devices consider ICMP traffic to be benign and will allow it to pass through, unmolested. So, attackers can generate arbitrary information tunneling in the payload of ICMP packets. To detect a ICMP covert channel, we used SVM which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could detect the ICMP covert channel from normal ICMP traffic using SVM.

AB - ICMP traffic is ubiquitous to almost TCP/IP based network. As such, many network devices consider ICMP traffic to be benign and will allow it to pass through, unmolested. So, attackers can generate arbitrary information tunneling in the payload of ICMP packets. To detect a ICMP covert channel, we used SVM which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could detect the ICMP covert channel from normal ICMP traffic using SVM.

UR - http://www.scopus.com/inward/record.url?scp=0142183968&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0142183968&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-39737-3_103

DO - 10.1007/978-3-540-39737-3_103

M3 - Chapter

AN - SCOPUS:0142183968

SN - 3540204091

SN - 9783540397373

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 828

EP - 835

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

A2 - Yazici, Adnan

A2 - Sener, Cevat

PB - Springer Verlag

ER -

Covert channel detection in the ICMP payload using support vector machine

Abstract

Publication series

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this