Skip to Main Content
Network covert channels enable hidden communication and can be used to break security policies. Within the last years, new techniques for such covert channels arose, including protocol switching covert channels (PSCCs). PSCCs transfer hidden information by sending network packets with different selected network protocols. In this paper we present the first detection methods for PSCCs. We show that the number of packets between network protocol switches and the time between switches can be monitored to detect PSCCs with 98-99% accuracy for bit rates of 4 bits/second or higher.