{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T13:14:02Z","timestamp":1775913242026,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2004,10,25]],"date-time":"2004-10-25T00:00:00Z","timestamp":1098662400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2004,10,25]]},"DOI":"10.1145\/1030083.1030108","type":"proceedings-article","created":{"date-parts":[[2005,1,30]],"date-time":"2005-01-30T17:55:16Z","timestamp":1107107716000},"page":"178-187","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":284,"title":["IP covert timing channels"],"prefix":"10.1145","author":[{"given":"Serdar","family":"Cabuk","sequence":"first","affiliation":[{"name":"Purdue University"}]},{"given":"Carla E.","family":"Brodley","sequence":"additional","affiliation":[{"name":"Tufts University"}]},{"given":"Clay","family":"Shields","sequence":"additional","affiliation":[{"name":"Georgetown University"}]}],"member":"320","published-online":{"date-parts":[[2004,10,25]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"IP checksum covert channels and selected hash collision. Technical report","author":"Abad Christopher","year":"2001","unstructured":"Christopher Abad . IP checksum covert channels and selected hash collision. Technical report , 2001 . Christopher Abad. IP checksum covert channels and selected hash collision. Technical report, 2001."},{"key":"e_1_3_2_1_2_1","volume-title":"Covert channel analysis and data hiding in TCP\/IP. Master's thesis","author":"Ahsan Kamran","year":"2000","unstructured":"Kamran Ahsan . Covert channel analysis and data hiding in TCP\/IP. Master's thesis , University of Toronto , 2000 . Kamran Ahsan. Covert channel analysis and data hiding in TCP\/IP. Master's thesis, University of Toronto, 2000."},{"key":"e_1_3_2_1_3_1","volume-title":"Proc. Workshop on Multimedia Security at ACM Multimedia","author":"Ahsan Kamran","year":"2002","unstructured":"Kamran Ahsan and Deepa Kundur . Practical data hiding in TCP\/IP . In Proc. Workshop on Multimedia Security at ACM Multimedia , December 2002 . Kamran Ahsan and Deepa Kundur. Practical data hiding in TCP\/IP. In Proc. Workshop on Multimedia Security at ACM Multimedia, December 2002."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/258612.258631"},{"key":"e_1_3_2_1_5_1","volume-title":"Phase-locked loops: Design, simulation and applications","author":"Best Ronald E.","year":"2003","unstructured":"Ronald E. Best . Phase-locked loops: Design, simulation and applications . McGraw-Hill Professional , 5 th edition, 2003 . Ronald E. Best. Phase-locked loops: Design, simulation and applications. McGraw-Hill Professional, 5th edition, 2003.","edition":"5"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/166237.166256"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-94-011-7801-3"},{"key":"e_1_3_2_1_8_1","unstructured":"Cyber Defense Technology Experimental Research (DETER) network. http:\/\/www.isi.edu\/deter\/.  Cyber Defense Technology Experimental Research (DETER) network. http:\/\/www.isi.edu\/deter\/."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Daemon9. Project Loki. Phrack 49(6) August 1996.  Daemon9. Project Loki. Phrack 49(6) August 1996.","DOI":"10.1080\/00431672.1997.9925449"},{"key":"e_1_3_2_1_10_1","volume-title":"Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the HTTP protocol","author":"Dyatlov Alex","year":"2003","unstructured":"Alex Dyatlov and Simon Castro . Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the HTTP protocol . June 2003 . Alex Dyatlov and Simon Castro. Exploitation of data streams authorized by a network access control system for arbitrary data transfers: tunneling and covert channels over the HTTP protocol. June 2003."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1007\/3-540-36415-3_2","volume-title":"5th International Workshop on Information Hiding","volume":"2578","author":"Fisk Gina","year":"2002","unstructured":"Gina Fisk , Mike Fisk , Christos Papadopoulos , and Joshua Neil . Eliminating steganography in Internet traffic with active wardens . In 5th International Workshop on Information Hiding , volume 2578 , pages 18 -- 35 , October 2002 . Gina Fisk, Mike Fisk, Christos Papadopoulos, and Joshua Neil. Eliminating steganography in Internet traffic with active wardens. In 5th International Workshop on Information Hiding, volume 2578, pages 18--35, October 2002."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","first-page":"194","DOI":"10.1007\/3-540-36467-6_15","volume-title":"Workshop on Privacy Enhancing Technologies","volume":"2482","author":"Giffin John","year":"2002","unstructured":"John Giffin , Rachel Greenstadt , Peter Litwack , and Richard Tibbetts . Covert messaging through TCP timestamps . In Workshop on Privacy Enhancing Technologies , volume 2482 , pages 194 -- 208 , April 2002 . John Giffin, Rachel Greenstadt, Peter Litwack, and Richard Tibbetts. Covert messaging through TCP timestamps. In Workshop on Privacy Enhancing Technologies, volume 2482, pages 194--208, April 2002."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2002.801405"},{"key":"e_1_3_2_1_15_1","unstructured":"WAND Research group. NZIX-II trace archive data available at http:\/\/pma.nlanr.net\/traces\/long\/nzix2.html.  WAND Research group. NZIX-II trace archive data available at http:\/\/pma.nlanr.net\/traces\/long\/nzix2.html."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/49.68448"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 10th USENIX Security Symposium","author":"Handley Mark","year":"2001","unstructured":"Mark Handley and Vern Paxson . Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics . In Proceedings of the 10th USENIX Security Symposium , August 2001 . Mark Handley and Vern Paxson. Network intrusion detection: Evasion, traffic normalization, and end-to-end protocol semantics. In Proceedings of the 10th USENIX Security Symposium, August 2001."},{"key":"e_1_3_2_1_18_1","volume-title":"Covert channels provided hackers the opportunity and the means for the current distributed denial of service attacks. Technical report","author":"Henry Paul A.","year":"2000","unstructured":"Paul A. Henry . Covert channels provided hackers the opportunity and the means for the current distributed denial of service attacks. Technical report , 2000 . Paul A. Henry. Covert channels provided hackers the opportunity and the means for the current distributed denial of service attacks. Technical report, 2000."},{"key":"e_1_3_2_1_19_1","volume-title":"Countermeasures and tradeoffs for a class of covert timing channel. Technical report","author":"James W.","year":"1994","unstructured":"James W. Gray III. Countermeasures and tradeoffs for a class of covert timing channel. Technical report , 1994 . James W. Gray III. Countermeasures and tradeoffs for a class of covert timing channel. Technical report, 1994."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/882491.884234"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(00)00139-0"},{"key":"e_1_3_2_1_22_1","first-page":"220","volume-title":"Proceeding of Recent Advances in Intrusion Detection (RAID)-2003","author":"Mahoney M","year":"2003","unstructured":"M Mahoney and P Chan . An analysis of the 1999 DARPA\/Lincoln Laboratory evaluation data for network anomaly detection . In Proceeding of Recent Advances in Intrusion Detection (RAID)-2003 , volume 2820 , pages 220 -- 237 , September 8-10 2003 . M Mahoney and P Chan. An analysis of the 1999 DARPA\/Lincoln Laboratory evaluation data for network anomaly detection. In Proceeding of Recent Advances in Intrusion Detection (RAID)-2003, volume 2820, pages 220--237, September 8-10 2003."},{"key":"e_1_3_2_1_23_1","volume-title":"December","author":"McHugh John","year":"1995","unstructured":"John McHugh . Covert channel analysis. Technical report , December 1995 . John McHugh. Covert channel analysis. Technical report, December 1995."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382923"},{"key":"e_1_3_2_1_25_1","first-page":"1985","article-title":"Trusted computer system evaluation \"The Orange Book","author":"U.S. Department of Defense","year":"1985","unstructured":"U.S. Department of Defense . Trusted computer system evaluation \"The Orange Book \". DoD 5200.28-STD Washington: GPO : 1985 , 1985 . U.S. Department of Defense. Trusted computer system evaluation \"The Orange Book\". DoD 5200.28-STD Washington: GPO:1985, 1985.","journal-title":"DoD 5200.28-STD Washington: GPO"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/90.330413"},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy","author":"Phil","year":"1991","unstructured":"Phil A. Porras and Richard A. Kemmerer. Covert flow trees: A technique for identifying and analyzing covert storage channels . In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy , May 1991 . Phil A. Porras and Richard A. Kemmerer. Covert flow trees: A technique for identifying and analyzing covert storage channels. In Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, May 1991."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1049\/ip-com:19951799"},{"issue":"5","key":"e_1_3_2_1_29_1","article-title":"Covert channels in the TCP\/IP protocol suite","volume":"2","author":"Rowland C.","year":"1997","unstructured":"C. Rowland . Covert channels in the TCP\/IP protocol suite . First Monday: Peer-reviewed Journal on the Internet , 2 ( 5 ), 1997 . C. Rowland. Covert channels in the TCP\/IP protocol suite. First Monday: Peer-reviewed Journal on the Internet, 2(5), 1997.","journal-title":"First Monday: Peer-reviewed Journal on the Internet"},{"key":"e_1_3_2_1_30_1","volume-title":"IEEE International Symposium on Information Theory","author":"Sergio","year":"2001","unstructured":"Sergio D. Servetto and Martin Vetterli. Communication using phantoms: Covert channels in the Internet . In IEEE International Symposium on Information Theory , June 2001 . Sergio D. Servetto and Martin Vetterli. Communication using phantoms: Covert channels in the Internet. In IEEE International Symposium on Information Theory, June 2001."},{"key":"e_1_3_2_1_31_1","volume-title":"Covert shells","author":"Smith J. Christian","year":"2000","unstructured":"J. Christian Smith . Covert shells . SANS Institute Information Security Reading Room , November 2000 . J. Christian Smith. Covert shells. SANS Institute Information Security Reading Room, November 2000."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.1987.10014"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/321796.321811"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/RISP.1991.130767"}],"event":{"name":"CCS04: 11th ACM Conference on Computer and Communications Security 2004","location":"Washington DC USA","acronym":"CCS04","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control","ACM Association for Computing Machinery"]},"container-title":["Proceedings of the 11th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030108","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1030083.1030108","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T16:25:07Z","timestamp":1750263907000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1030083.1030108"}},"subtitle":["design and detection"],"short-title":[],"issued":{"date-parts":[[2004,10,25]]},"references-count":33,"alternative-id":["10.1145\/1030083.1030108","10.1145\/1030083"],"URL":"https:\/\/doi.org\/10.1145\/1030083.1030108","relation":{},"subject":[],"published":{"date-parts":[[2004,10,25]]},"assertion":[{"value":"2004-10-25","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}