Abstract
A covert channel is any method of communication that is used to illicitly transfer data, thereby breaking the security policy of a system. A network covert channel is a covert communication that hides covert messages in overt network packets. Any shared resource can potentially be used as a covert channel. In recent years, with the development of various hiding methods, the network covert channel has become a new kind of threat to network security. A covert channel is an unintended design within legitimate communication whose purpose is to leak information as part of rudimentary protocols. In fact, most detection systems can detect hidden data in the payload, but struggle to cope with data hidden in the IP and TCP packet headers. The vast number of protocols on the Internet seems ideal as a high-bandwidth vehicle for covert communication. Because covert channel applications are unwanted and malicious in nature and pose a serious security threat to the network, it is recommended to detect covert channels efficiently. This paper presents a review of TCP/IP covert channel designs and their detection schemes, and proposes a method based on a Naïve-Bayesian classifier to detect covert channels in the TCP ISN and IP ID fields of TCP/IP packets.