This is a protocol independent approach to detect network covert channel in Network, Transport, and Application layer. The repository contains Python codes that we developed to extract covert channel packet information from PCAP files. Then, having the data extracted, we ran supervised machine learning techniques to produce prediction results of labelled data.
The work has been published at the 22nd IEEE International Conference on Computational Science and Engineering (IEEE CSE 2019).
If you use our implementation for academic research, you are highly encouraged to cite our paper.
@inproceedings{ayub2019protocol,
title={A Protocol Independent Approach in Network Covert Channel Detection},
author={Ayub, Md Ahsan and Smith, Steven and Siraj, Ambareen},
booktitle={2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC)},
pages={165--170},
year={2019},
organization={IEEE}
}
The work has been funded by Cybersecurity Education, Research & Outreach Center (CEROC) at Tennessee Tech University.