PSCAN : a port scanning network covert channel

Mohamed, Emad Eldin
Mnaouer, Adel Ben
Barka, Ezedin
Journal Title
Journal ISSN
Volume Title
IEEE Computer Society
This paper introduces PSCAN, a port scanning-based network covert channel that violates non-discretionary system security policy that does not allow data transfer from a given process (the sender) to another given process (the receiver). Using PSCAN, the sender opens and closes network ports in a way that encodes covert data. The receiver performs a synchronized port scanning procedure on the sender's host to determine which ports are open and which ones are closed then decodes the data. The paper defines the covert channel and analyzes its data rate, stealthiness, and robustness. In addition, the paper investigates countermeasures against the channel. © 2016 IEEE.
This conference paper is not available at CUD collection. The version of scholarly record of this conference paper is published in 2016 IEEE 41st Conference on Local Computer Networks (LCN) (2016), available online at:
Computer networks, Data transfer, Scanning, Covert channel, Information hiding, ITS data, Network covert channel, Port scanning, System security, Network security
Mohamed, E. E., Mnaouer, A. B., & Barka, E. (2016). PSCAN: A port scanning network covert channel. In Proceedings - Conference on Local Computer Networks, LCN (pp. 631–634).