PSCAN: A Port Scanning Network Covert Channel

Emad Eldin Mohamed, Adel Ben Mnaouer, Ezedin Barka

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)


This paper introduces PSCAN, a port scanning-based network covert channel that violates non-discretionary system security policy that does not allow data transfer from a given process (the sender) to another given process (the receiver). Using PSCAN, the sender opens and closes network ports in a way that encodes covert data. The receiver performs a synchronized port scanning procedure on the sender's host to determine which ports are open and which ones are closed then decodes the data. The paper defines the covert channel and analyzes its data rate, stealthiness, and robustness. In addition, the paper investigates countermeasures against the channel.

Original languageEnglish
Title of host publicationProceedings - 2016 IEEE 41st Conference on Local Computer Networks, LCN 2016
PublisherIEEE Computer Society
Number of pages4
ISBN (Electronic)9781509020546
Publication statusPublished - Dec 22 2016
Event41st IEEE Conference on Local Computer Networks, LCN 2016 - Dubai, United Arab Emirates
Duration: Nov 7 2016Nov 10 2016

Publication series

NameProceedings - Conference on Local Computer Networks, LCN


Other41st IEEE Conference on Local Computer Networks, LCN 2016
Country/TerritoryUnited Arab Emirates


  • covert channel
  • information hiding
  • network security
  • port scanning

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture


Dive into the research topics of 'PSCAN: A Port Scanning Network Covert Channel'. Together they form a unique fingerprint.

Cite this