Many covert channels take advantages of weaknesses, flaws, or unused data fields in network protocols. In this paper, a behavior-based covert channel, that takes advantages of behavior of an application, is presented along with a formal definition in the framework of finite state machines. The behavior-based covert channel is application specific and lies at the application layer of the network OSI model, which makes the detection of this type of covert channel much more difficult. A detailed sample implementation demonstrates an example of this type of covert channel in the form of a simple online two-person game. The potential of this type of covert channel is also discussed.
Date of creation, presentation, or exhibit
Department, Program, or Center
Department of Computing Security (GCCIS)
Johnson, Daryl; Yuan, Bo; and Lutz, Peter, "Behavior-based covert channel in cyberspace" (2009). Accessed from
RIT – Main Campus