Document Type : Research Article


1 Department of Engineering & Technology Alzahra university

2 Department of Engineering & Technology Alzahra uuniversity


In network steganography methods based on packet length, the length of the packets is used as a carrier for exchanging secret messages. Existing methods in this area are vulnerable against detections due to abnormal network traffic behaviors. The main goal of this paper is to propose a method which has great resistance to network traffic detections. In the first proposed method, the sender embeds a bit of data in each pair that includes two non-identical packet lengths. In the current situation, if the first packet length of the pair is larger than the second one, it shows a ‘1’ bit and otherwise, it shows a ‘0’ bit. If the intended bit of the sender is in conflict with the current status, he/she will create the desired status by swapping the packet lengths. In this method, the paired packets can be selected freely, but in the second proposed method, the packets are divided into buckets and only packets within a single bucket can be paired together. In this case, the embedding method is similar to the previous one. The results show that the second method, despite having low embedding capacity, will be more secure in real traffic compared to the other methods. Since the packet lengths of UDP protocol are more random in comparison to TCP, the proposed methods have higher embedding capacity and they are more secure for UDP-based packets. However, these methods are only applicable to the protocols in which the packet length has not a constant value.


[1] J. Lubacz, W. Mazurczyk, and K. Szczypiorski. Principles and overview of network steganography. 2015.
[2] B.G. Banik and S.K. Bandyopadhyay. Review on steganography in digital media. International Journal of Science and Research (IJSR), 4:1–10, 2015.
[3] A.P. Dhamade and K.J. Panchal. Packet data based network steganography. International Journal of Advance Engineering and Research Development, 2(5):1520–1526, 2015.
[4] W. Mazurczyk, S. Wendzel, S. Zander, A. Houmansadr, and K. Szczypiorski. Information hiding in communication networks: Fundamentals, mechanisms, applications and countermeasures. In IEEE Press Series on Information & Communication Networks Security, 2016.
[5] F. Petitcolas, R. Anderson, and M. Kuhn. Information hiding: a survey. IEEE. Special Issue on Protection of Multimedia Content, 87(7):1062 – 1078, July 1999. [6] S. Zander, G. Armitage, and P. Branch. A survey of covert channels and countermeasures in computer network protocols. IEEE Commun Surv Tutor, 9(3):44–57, 2007.
[7] B.Lampson. Anoteontheconfinementproblem. , 16(10):613–615, 1973.
[8] DoD Orange Book. National computer security center, us DoD,. In Trusted Computer System Evaluation Criteria, , Tech. Rep. DOD 5200.28STD, 1985.
[9] W. Mazurczyk. VoIP steganography and its detection – A survey. 2012.
[10] J.P.Black.Techniquesofnetworksteganography and covert channels. In PhD diss., Sciences, 2013.
[11] W. Fraczek, W. Mazurczyk, and K. Szczypiorski. Multi-level steganography: Improving hidden communication. In Networks, 2011.
[12] S. Wendzel, M. Wojciech, and Z. Sebastian. Unified description for network information hiding methods. J. UCS 22.11, pages 1456–1486, 2016.
[13] A.Stančić,I.Grgurevic,andV.Vyroubal. Usage of the steganography within highway informationandcommunicationnetwork. In4th International Virtual Research Conference In Technical Disciplines (RCITD), 2016.
[14] M.M. Pontón Loaiza. Steganography using rtp packets. In University of Abertay Dundee, Dundee, 2014.
[15] A. Swinnen, R. Strackx, P. Philippaerts, and F. Piessens. Protoleaks: A reliable and protocolindependent network covert channel. In International Conference on Information Systems Security, pages 119–133, 2012.
[16] W. Mazurczyk and J. Lubacz. LACK: a VoIP steganographic method. Telecommunication Systems: Modelling, Analysis, Design and Management, 45(2–3):153–163, 2010.
[17] W. Mazurczyk, J. Lubacz, and K. Szczypiorski. Onsteganographyinlostaudiopackets. InInternational Journal of Security and Communication Networks, 2012.
[18] W. Mazurczyk, M. Smolarczyk, and K. Szczypiorski. On information hiding in retransmissions. Telecommunication Systems, 52(2):1113– 1121, 2013.
[19] B. Jankowski, W. Mazurczyk, and K. Szczypiorski. PadSteg: Introducing inter-protocol steganography. Telecommunication Systems, 52(2):1101–1111, 2013.
[20] V. Sabeti and M. Shoaei. Network steganography based on PVD idea. In 8th International Conference on Computer and Knowledge Engineering (ICCKE), 2018.
[21] M.A. Padlipsky, D.W. Snow, and P.A. Karger. Limitations of end-to-end encryption in secure computer networks. In Tech. Rep. ESD-TR-78158, Mitre Corporation, 1978.
[22] C.G. Girling. Covert channels in LAN’s. IEEE Trans. Software Engineering, 13(2):292– 296, 1987.
[23] Q. Yao and P. Zhang. Coverting channel based on packet length. Computer Engineering, 34(3), 2008.
[24] J. Liping, J. Wenhao, and D. Benyang. A novel covert channel based on length of messages. In International Conference on e-Business and Information System Security, 2009. [25] J. Liping, H. Liang, Y. Song, and X. Niu. A normal-traffic network covert channel. In Computational Intelligence and Security, pages 499– 503, 2009.
[26] A.S. Nair, A. Kumar, A. Sur, and S. Nandi. Length based network steganography using udp protocol. In In Communication Software and Networks (ICCSN), IEEE 3rd Intl. Conf., pages 726–730, 2011.
[27] O.I. Abdullaziz, V.T. Goh, and H.C. Ling. Network packet payload parity based steganography. In IEEE Conference on Sustainable Utilization and Development in Engineering and Technology, 2013.
[28] L. Zhang, G. Liu, and Y. Dai. Network packet length covert channel based on empirical distribution function. Journal of Networks, 9(6), 2014.
[29] M.A.ElsadigandY.A.Fadlalla.Surveyoncovert storage channel in computer network protocols: Detection and mitigation techniques. International Journal of Advances in Computer Networks and Its Security, 6(3):11–17, 2016.
[30] M.A. Elsadig and Y.A. Fadlalla. Packet length covert channel: A detection scheme. 1st International Conference on Computer Applications & Information Security (ICCAIS), pages 1–7, 2018.
[31] R. Goudar and A. Patil. Packet length based steganography detection in transport layer. International Journal of Scientific and Research Publications, 2(12), 2012.
[32] A. Sur, A.S. Nair, and A. Kumar. Steganalysis of network packet length based data hiding. Circuits, Systems, and Signal Processing, pages 1–18, 2012.
[33] M.A. Elsadig and Y.A. Fadlalla. A balanced approachtoeliminatepacketlength-basedcovert channels. 4th IEEE International Conference on Engineering Technologies and Applied Sciences (ICETAS), pages 1–7, 2017.