Many covert channels take advantage of weaknesses, flaws, or unused data fields in network protocols. In this paper, a behavior-based covert channel, one that takes advantage of the behavior of an application, is presented along with a formal definition in the framework of finite state machines. The behavior-based covert channel is application specific and lies at the application layer of the OSI network model, which makes the detection of this type of covert channel much more difficult. A detailed sample implementation demonstrates an example of this type of covert channel in the form of a simple online two-person game. The potential of this type of covert channel is also discussed.

Date of creation, presentation, or exhibit



Proceedings of the 4th International ISKE Conference on Intelligent Systems and Knowledge Engineering
Hasselt, Belgium, 27 – 28 November 2009

Electronic version of an article published as World Scientific Proceedings Series on Computer Engineering and Information Science, 2, 2009, 311-318. © 2009 World Scientific Publishing Company

Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in February 2014.

Document Type

Conference Paper

Department, Program, or Center

Department of Computing Security (GCCIS)


RIT – Main Campus