Title
Investigation on Anomaly Detection of the IP Identification Based Covert Channel
Author
Shehab, Manal Abdel-Wahab Mohamed Ali.
Preparation committee
Researcher / منال عبد الوهاب محمد على شهاب
Supervisor / نهى عثمان قرنى غريب
Supervisor / نيرة محمود صادق محمد
nayeras@yahoo.com
Examiner / حسام محمد حسان شلبى
Examiner / مها عبد المنعم الصبروتى
Subject
Electrical Engineering. IP Identification. Covert Channel.
Publication date
2022.
Number of pages
81 p.
Language
English
Degree
Doctorate
Specialization
Electrical and Electronic Engineering
Approval date
16/10/2022
Place of approval
Alexandria University - Faculty of Engineering - Department of Electrical and Electronic Engineering
Only 14 pages are available for public view


Abstract

A randomly generated IP Identification (IP ID) header field can be exploited as a hidden data carrier, resulting in a covert channel. The thesis evaluates the anomaly effects of the entropy and the hidden bits of the IP ID covert channel on its detection using a support vector machine (SVM). The thesis then proposes a new method for reshaping the entropy feature of the IP ID covert channel (REIPIC) to investigate the effect of this reshaping on IP ID covert channel detection. Within a sliding window of a specific size, REIPIC iteratively treats the frequencies-of-occurrence pattern of the IP ID field values in the covert channel so that they resemble their counterparts in the normal case. An entropy-based SVM classifier that respects real-time detection considerations is then used to evaluate the impact of REIPIC on IP ID covert channel detection, and to decide when to terminate the REIPIC iterative procedure, namely when a certain detection threshold of the classifier is reached. Results prove that REIPIC gradually reshaped the IP ID covert channel so that it acts normally and is undetectable. The contributions of REIPIC are declaring the new frequencies-of-occurrence matrix and identifying a conceptual reshaping framework that could be applied in various random-variable pattern adaptation applications.