Abstract
Recently, data hiding by modifying network parameters like packet header, payload, and packet length has become popular among researchers. Different algorithms have been proposed during the last few years which have altered the network packets in different ways to embed the data bits. Some of these algorithms modify the network packet length for embedding. Although most of the packet length based embedding schemes try to imitate the normal network traffic distribution, they have altered the statistical distribution of network packet lengths during embedding. These statistical anomalies can be exploited to detect such schemes. In this paper, a second order detection scheme for packet length based steganography has been proposed. A comprehensive set of experiments have been carried out to show that the proposed detection scheme can detect network packet length based steganography with a considerably high accuracy.
Similar content being viewed by others
References
K. Ahsan, D. Kundur, Covert channel analysis and data hiding in TCP/IP. MSc thesis, Dept. of Electrical and Computer Engineering, University of Toronto, August 2002
K. Ahsan, D. Kundur, Practical data hiding in TCP/IP, in ACM Workshop on Multimedia and Security, (2002). http://ee.tamu.edu/~deepa/pdf/acm02.pdf
S. Cabuk, C.E. Brodley, C. Shields, IP covert channel detection, in ACM Transaction on Information and System Security, vol. 12 (2009), pp. 22.1–22.29
S. Cabuk, C.E. Brodley, C. Shields, IP covert timing channels: design and detection, in Proceedings of the 11th ACM Conference on Computer and Communications Security (2004)
Clarknet dataset. http://ita.ee.lbl.gov/html/contrib/ClarkNet-HTTP.html
J. Fridrich, Feature-based steganalysis for JPEG images and its implications for future design of steganographic schemes, in Proceedings of the 6th International Workshop on Information Hiding (2004), pp. 67–81
C.G. Girling, Covert channels in LANs. IEEE Trans. Softw. Eng. SE-13(2), 292–296 (1987)
J. Harmsen, W. Pearlman, Steganalysis of additive noise modelable information hiding, in Proceedings of the Security and Watermarking of Multimedia Contents V, vol. 5020 (2003), pp. 131–142
L. Ji, W. Jiang, B. Dai, X. Niu, A novel covert channel based on length of messages, in Proceedings of the International Symposium on Information Engineering and Electronic Commerce (2009), pp. 551–554
L. Ji, H. Liang, Y. Song, X. Niu, A normal-traffic network covert channel, in Proceedings of the International Conference on Computational Intelligence and Security 2009, vol. 1 (2009), pp. 499–503
B.W. Lampson, A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973)
W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, Hiding information in retransmissions. CoRR, abs/0905.0363 (2009). http://arxiv.org/ftp/arxiv/papers/0905/0905.0363.pdf
S.J. Murdoch, J. Steven, Lewis, Embedding covert channels into TCP/IP, in Proceedings of the Information Hiding: 7th International Workshop. LNCS, vol. 3727 (2005), pp. 247–261
A.S. Nair, A. Sur, S. Nandi, Detection of packet length based network steganography, in Proceedings of the International Conference on Multimedia Information Networking and Security (MINES 2010) (2010), pp. 574–578
A.S. Nair, A. Sur, S. Nandi, Network steganography—a brief survey, in Proceedings of the National Workshop on Design and Analysis of Algorithms (2010)
M.A. Padlipsky, D.W. Snow, P.A. Karger, Limitations of end-to-end encryption in secure computer networks. Tech. Rep. ESD-TR-78-158, Mitre Corporation (1978)
R.O. Preda, D.N. Vizireanu, A robust wavelet based video watermarking scheme for copyright protection using the human visual system. J. Electron. Imaging 20, 013–022 (2011)
R.O. Preda, D.N. Vizireanu, A robust digital watermarking scheme for video copyright protection in the wavelet domain. Measurement 43(10), 1720–1726 (2010)
R.O. Preda, D.N. Vizireanu, Quantization based video watermarking in the wavelet domain with spatial and temporal redundancy. Int. J. Electron. 98(3), 393–405 (2011)
Y. Quan-zhu, Z. Peng, Coverting channel based on packet length. Comput. Eng. 34(3) (2008)
S.H. Sellke, C. Wang, S. Bagchi, N.B. Shroff, TCP/IP timing channels: theory to implementation, in Proceedings Infocom 2009 (2009), pp. 2204–2212
K. Solanki, A. Sarkar, B.S. Manjunath, YASS: yet another steganographic scheme that resists blind steganalysis, in Proceedings of the 9th International Workshop on Information Hiding (2007), pp. 16–31
K. Szczypiorski, A performance analysis of HICCUPS—a steganographic system for WLAN. CoRR, abs/0906.4217 (2009). http://arxiv.org/abs/0906.4217
Z. Trabelsil, H. El-Sayed, L. Frikha, T. Rabiel, Traceroute based IP channel for sending hidden short messages, in Proceedings of the Advances in Information and Computer Security (2006), pp. 421–436
S. Zander, G. Armitage, P. Branch, Covert channels in the IP time to live field, in Proceedings of the Australian Telecommunication Networks & Applications Conference (ATNAC) (2006)
J. Zhang, I.J. Cox, G. Doerr, Steganalysis for LSB matching in images with high-frequency noise, in Proceedings of the IEEE 9th Workshop on Multimedia Signal Processing, MMSP 2007 (2007), pp. 385–388
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Sur, A., Nair, A.S., Kumar, A. et al. Steganalysis of Network Packet Length Based Data Hiding. Circuits Syst Signal Process 32, 1239–1256 (2013). https://doi.org/10.1007/s00034-012-9497-8
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00034-012-9497-8