Skip to main content
Log in

Steganalysis of Network Packet Length Based Data Hiding

  • Published:
Circuits, Systems, and Signal Processing Aims and scope Submit manuscript

Abstract

Recently, data hiding by modifying network parameters like packet header, payload, and packet length has become popular among researchers. Different algorithms have been proposed during the last few years which have altered the network packets in different ways to embed the data bits. Some of these algorithms modify the network packet length for embedding. Although most of the packet length based embedding schemes try to imitate the normal network traffic distribution, they have altered the statistical distribution of network packet lengths during embedding. These statistical anomalies can be exploited to detect such schemes. In this paper, a second order detection scheme for packet length based steganography has been proposed. A comprehensive set of experiments have been carried out to show that the proposed detection scheme can detect network packet length based steganography with a considerably high accuracy.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. K. Ahsan, D. Kundur, Covert channel analysis and data hiding in TCP/IP. MSc thesis, Dept. of Electrical and Computer Engineering, University of Toronto, August 2002

  2. K. Ahsan, D. Kundur, Practical data hiding in TCP/IP, in ACM Workshop on Multimedia and Security, (2002). http://ee.tamu.edu/~deepa/pdf/acm02.pdf

    Google Scholar 

  3. S. Cabuk, C.E. Brodley, C. Shields, IP covert channel detection, in ACM Transaction on Information and System Security, vol. 12 (2009), pp. 22.1–22.29

    Google Scholar 

  4. S. Cabuk, C.E. Brodley, C. Shields, IP covert timing channels: design and detection, in Proceedings of the 11th ACM Conference on Computer and Communications Security (2004)

    Google Scholar 

  5. Clarknet dataset. http://ita.ee.lbl.gov/html/contrib/ClarkNet-HTTP.html

  6. J. Fridrich, Feature-based steganalysis for JPEG images and its implications for future design of steganographic schemes, in Proceedings of the 6th International Workshop on Information Hiding (2004), pp. 67–81

    Chapter  Google Scholar 

  7. C.G. Girling, Covert channels in LANs. IEEE Trans. Softw. Eng. SE-13(2), 292–296 (1987)

    Article  Google Scholar 

  8. J. Harmsen, W. Pearlman, Steganalysis of additive noise modelable information hiding, in Proceedings of the Security and Watermarking of Multimedia Contents V, vol. 5020 (2003), pp. 131–142

    Chapter  Google Scholar 

  9. L. Ji, W. Jiang, B. Dai, X. Niu, A novel covert channel based on length of messages, in Proceedings of the International Symposium on Information Engineering and Electronic Commerce (2009), pp. 551–554

    Google Scholar 

  10. L. Ji, H. Liang, Y. Song, X. Niu, A normal-traffic network covert channel, in Proceedings of the International Conference on Computational Intelligence and Security 2009, vol. 1 (2009), pp. 499–503

    Chapter  Google Scholar 

  11. B.W. Lampson, A note on the confinement problem. Commun. ACM 16(10), 613–615 (1973)

    Article  Google Scholar 

  12. W. Mazurczyk, M. Smolarczyk, K. Szczypiorski, Hiding information in retransmissions. CoRR, abs/0905.0363 (2009). http://arxiv.org/ftp/arxiv/papers/0905/0905.0363.pdf

  13. S.J. Murdoch, J. Steven, Lewis, Embedding covert channels into TCP/IP, in Proceedings of the Information Hiding: 7th International Workshop. LNCS, vol. 3727 (2005), pp. 247–261

    Chapter  Google Scholar 

  14. A.S. Nair, A. Sur, S. Nandi, Detection of packet length based network steganography, in Proceedings of the International Conference on Multimedia Information Networking and Security (MINES 2010) (2010), pp. 574–578

    Chapter  Google Scholar 

  15. A.S. Nair, A. Sur, S. Nandi, Network steganography—a brief survey, in Proceedings of the National Workshop on Design and Analysis of Algorithms (2010)

    Google Scholar 

  16. M.A. Padlipsky, D.W. Snow, P.A. Karger, Limitations of end-to-end encryption in secure computer networks. Tech. Rep. ESD-TR-78-158, Mitre Corporation (1978)

  17. R.O. Preda, D.N. Vizireanu, A robust wavelet based video watermarking scheme for copyright protection using the human visual system. J. Electron. Imaging 20, 013–022 (2011)

    Article  Google Scholar 

  18. R.O. Preda, D.N. Vizireanu, A robust digital watermarking scheme for video copyright protection in the wavelet domain. Measurement 43(10), 1720–1726 (2010)

    Article  Google Scholar 

  19. R.O. Preda, D.N. Vizireanu, Quantization based video watermarking in the wavelet domain with spatial and temporal redundancy. Int. J. Electron. 98(3), 393–405 (2011)

    Article  Google Scholar 

  20. Y. Quan-zhu, Z. Peng, Coverting channel based on packet length. Comput. Eng. 34(3) (2008)

  21. S.H. Sellke, C. Wang, S. Bagchi, N.B. Shroff, TCP/IP timing channels: theory to implementation, in Proceedings Infocom 2009 (2009), pp. 2204–2212

    Google Scholar 

  22. K. Solanki, A. Sarkar, B.S. Manjunath, YASS: yet another steganographic scheme that resists blind steganalysis, in Proceedings of the 9th International Workshop on Information Hiding (2007), pp. 16–31

    Chapter  Google Scholar 

  23. K. Szczypiorski, A performance analysis of HICCUPS—a steganographic system for WLAN. CoRR, abs/0906.4217 (2009). http://arxiv.org/abs/0906.4217

  24. Z. Trabelsil, H. El-Sayed, L. Frikha, T. Rabiel, Traceroute based IP channel for sending hidden short messages, in Proceedings of the Advances in Information and Computer Security (2006), pp. 421–436

    Chapter  Google Scholar 

  25. S. Zander, G. Armitage, P. Branch, Covert channels in the IP time to live field, in Proceedings of the Australian Telecommunication Networks & Applications Conference (ATNAC) (2006)

    Google Scholar 

  26. J. Zhang, I.J. Cox, G. Doerr, Steganalysis for LSB matching in images with high-frequency noise, in Proceedings of the IEEE 9th Workshop on Multimedia Signal Processing, MMSP 2007 (2007), pp. 385–388

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Arijit Sur.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Sur, A., Nair, A.S., Kumar, A. et al. Steganalysis of Network Packet Length Based Data Hiding. Circuits Syst Signal Process 32, 1239–1256 (2013). https://doi.org/10.1007/s00034-012-9497-8

Download citation

  • Received:

  • Revised:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00034-012-9497-8

Keywords

Navigation