TY - GEN
T1 - A Survey of Network Covert Channel
T2 - 11th IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2025
AU - Kou, Xuhan
AU - Lei, Yin
AU - Guo, Chennan
AU - Wei, Yihang
AU - Chen, Zhuo
AU - Yuan, Xiangbo
AU - Gai, Keke
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Network covert channels facilitate the transmission of secret information in an undetectable manner. In this survey, we systematically study fundamental concepts, construction techniques, and detection methods of network covert channels. The channels are categorized into two types, namely, storage-based covert channels and timing-based covert channels. The former utilizes redundancy in protocol fields to embed information, while the latter transmits data by modulating traffic intervals. The timing-based channel primarily enhances concealment by adjusting the packet intervals and integrating protocol features, while the storage-based channel embeds information using redundant fields of each protocol layer. In terms of detection methods, timing-based channels are identified through statistical analysis of traffic patterns combined with machine learning models. Conversely, storage-based channels are typically uncovered by implementing protocol compliance verification and deep packet inspection of header fields and payload data. This survey investigates the evolution path of network covert channel construction and detection technologies in details, providing a theoretical foundation for the design of future network covert communication solutions.
AB - Network covert channels facilitate the transmission of secret information in an undetectable manner. In this survey, we systematically study fundamental concepts, construction techniques, and detection methods of network covert channels. The channels are categorized into two types, namely, storage-based covert channels and timing-based covert channels. The former utilizes redundancy in protocol fields to embed information, while the latter transmits data by modulating traffic intervals. The timing-based channel primarily enhances concealment by adjusting the packet intervals and integrating protocol features, while the storage-based channel embeds information using redundant fields of each protocol layer. In terms of detection methods, timing-based channels are identified through statistical analysis of traffic patterns combined with machine learning models. Conversely, storage-based channels are typically uncovered by implementing protocol compliance verification and deep packet inspection of header fields and payload data. This survey investigates the evolution path of network covert channel construction and detection technologies in details, providing a theoretical foundation for the design of future network covert communication solutions.
KW - construction
KW - covert channel
KW - covert communication
KW - detection
UR - http://www.scopus.com/inward/record.url?scp=105007539908&partnerID=8YFLogxK
U2 - 10.1109/BigDataSecurity66063.2025.00026
DO - 10.1109/BigDataSecurity66063.2025.00026
M3 - Conference contribution
AN - SCOPUS:105007539908
T3 - Proceedings - 2025 IEEE 11th Conference on Big Data Security on Cloud, BigDataSecurity 2025
SP - 145
EP - 153
BT - Proceedings - 2025 IEEE 11th Conference on Big Data Security on Cloud, BigDataSecurity 2025
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 9 May 2025 through 11 May 2025
ER -