Improving Intrusion Detection Method for Covert Channel in TCP/IP Network

Network security mainly involves authorization of access to data in a network, which is controlled by the network administrator. Networks can be private as well as public access. An anomaly-based intrusion detection system will monitor the network traffic and log audit purposes then for later high-level analysis. Communication between two hosts using a network mainly involves encryption and decryption to maintain privacy. Covert channels are one of the malicious conversations in a legitimate secured network communication that violates the security policies. Covert channels are used for the secret transfer of information but they are differing from encryption. Encryption only protects communication from being decoded by unauthorized parties, whereas covert channels aim to hide the very existence of the communication. They allow individuals to communicate truly undetectable and exchange hidden information. The huge amount of data and vast number of different protocols in the internet seems ideal as a high-bandwidth vehicle for covert communication. Phase space reconstruction method creates a processing space for detecting covert channels in TCP ISNs. Based on this model, a classification algorithm is developed to identify the existence of information hidden in ISNs. In proposed method a new detection method with more efficiency is implemented by using ACO Algorithm.