Towards optimized TCP/IP covert channels detection, IDS and firewall integration

Senda Hammouda; Lilia Maalej; Zouheir Trabelsi

doi:10.1109/NTMS.2008.ECP.101

Towards optimized TCP/IP covert channels detection, IDS and firewall integration

Senda Hammouda, Lilia Maalej, Zouheir Trabelsi

Department of Information System and Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

Covert channels exist in most communications systems and allow individuals to communicate truly undetectable and exchange hidden information. That's why their detection seems to be a big deal for security systems. However, till now, security systems do not include dedicated processes for covert channel detection. In this paper, we first propose mechanisms to detect common covert channels. Then, within a whole security system, we propose an optimized order regarding the execution of the three major security processes: Firewall, Intrusion Detection System (IDS) and Covert Channel Detection System (CCDS). It will be demonstrated that the proposed order would allow security systems to offer better processing performances.

Original language	English
Title of host publication	Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008
DOIs	https://doi.org/10.1109/NTMS.2008.ECP.101
Publication status	Published - 2008
Event	New Technologies, Mobility and Security Conference and Workshops, NTMS 2008 - Tangier, Morocco Duration: Nov 5 2008 → Nov 7 2008

Publication series

Name	Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008

Other

Other	New Technologies, Mobility and Security Conference and Workshops, NTMS 2008
Country/Territory	Morocco
City	Tangier
Period	11/5/08 → 11/7/08

Keywords

Covert channel system
Firewall
Intrusion detection
TCP/IP protocols

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications

Access to Document

10.1109/NTMS.2008.ECP.101

Cite this

Hammouda, S., Maalej, L., & Trabelsi, Z. (2008). Towards optimized TCP/IP covert channels detection, IDS and firewall integration. In Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008 Article 4689155 (Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008). https://doi.org/10.1109/NTMS.2008.ECP.101

Towards optimized TCP/IP covert channels detection, IDS and firewall integration. / Hammouda, Senda; Maalej, Lilia; Trabelsi, Zouheir.
Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008. 2008. 4689155 (Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Hammouda, S, Maalej, L & Trabelsi, Z 2008, Towards optimized TCP/IP covert channels detection, IDS and firewall integration. in Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008., 4689155, Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008, New Technologies, Mobility and Security Conference and Workshops, NTMS 2008, Tangier, Morocco, 11/5/08. https://doi.org/10.1109/NTMS.2008.ECP.101

@inproceedings{84be04f342f04f5e82ff04cabbce4e19,

title = "Towards optimized TCP/IP covert channels detection, IDS and firewall integration",

abstract = "Covert channels exist in most communications systems and allow individuals to communicate truly undetectable and exchange hidden information. That's why their detection seems to be a big deal for security systems. However, till now, security systems do not include dedicated processes for covert channel detection. In this paper, we first propose mechanisms to detect common covert channels. Then, within a whole security system, we propose an optimized order regarding the execution of the three major security processes: Firewall, Intrusion Detection System (IDS) and Covert Channel Detection System (CCDS). It will be demonstrated that the proposed order would allow security systems to offer better processing performances.",

keywords = "Covert channel system, Firewall, Intrusion detection, TCP/IP protocols",

author = "Senda Hammouda and Lilia Maalej and Zouheir Trabelsi",

year = "2008",

doi = "10.1109/NTMS.2008.ECP.101",

language = "English",

isbn = "9782953244304",

series = "Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008",

booktitle = "Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008",

note = "New Technologies, Mobility and Security Conference and Workshops, NTMS 2008 ; Conference date: 05-11-2008 Through 07-11-2008",

}

TY - GEN

T1 - Towards optimized TCP/IP covert channels detection, IDS and firewall integration

AU - Hammouda, Senda

AU - Maalej, Lilia

AU - Trabelsi, Zouheir

PY - 2008

Y1 - 2008

N2 - Covert channels exist in most communications systems and allow individuals to communicate truly undetectable and exchange hidden information. That's why their detection seems to be a big deal for security systems. However, till now, security systems do not include dedicated processes for covert channel detection. In this paper, we first propose mechanisms to detect common covert channels. Then, within a whole security system, we propose an optimized order regarding the execution of the three major security processes: Firewall, Intrusion Detection System (IDS) and Covert Channel Detection System (CCDS). It will be demonstrated that the proposed order would allow security systems to offer better processing performances.

AB - Covert channels exist in most communications systems and allow individuals to communicate truly undetectable and exchange hidden information. That's why their detection seems to be a big deal for security systems. However, till now, security systems do not include dedicated processes for covert channel detection. In this paper, we first propose mechanisms to detect common covert channels. Then, within a whole security system, we propose an optimized order regarding the execution of the three major security processes: Firewall, Intrusion Detection System (IDS) and Covert Channel Detection System (CCDS). It will be demonstrated that the proposed order would allow security systems to offer better processing performances.

KW - Covert channel system

KW - Firewall

KW - Intrusion detection

KW - TCP/IP protocols

UR - http://www.scopus.com/inward/record.url?scp=58049148085&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=58049148085&partnerID=8YFLogxK

U2 - 10.1109/NTMS.2008.ECP.101

DO - 10.1109/NTMS.2008.ECP.101

M3 - Conference contribution

AN - SCOPUS:58049148085

SN - 9782953244304

T3 - Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008

BT - Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008

T2 - New Technologies, Mobility and Security Conference and Workshops, NTMS 2008

Y2 - 5 November 2008 through 7 November 2008

ER -

Towards optimized TCP/IP covert channels detection, IDS and firewall integration

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this