Hello security folks
I'm new to this forum and I hope to be a permanent member
I'm working on a project where a detection system should be built to detect as many covert channels as the system can. I googled a lot about this topic and I found many research papers, and some of them have very promising results.
One of the solutions was to use SVM to detect IPID and ISN covert channels. Another solution was Snort. Also, there are many, many other solutions such as statistical detection, entropy detection, etc. Most are theoretical.
Here are my questions that I hope someone shares their opinions on with me:
To build one system, is it better to use one detection technique like SVM for most of the covert channels, or to implement more than one approach in one system? If so, is it feasible?
This is my first covert channel project and I'm not an expert, so :S
I would appreciate a good response and some discussion.
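As an added illustration of the "statistical / entropy detection" approach the post mentions for the IPID channel (this is example code written for this thread, not the poster's project and not from any of the papers cited), the script below scores a sequence of IP identification values by the Shannon entropy of the differences between consecutive IPIDs. A stack that uses a simple incrementing counter produces deltas that are almost all the same, so the entropy is near zero; a field that is being used to carry arbitrary bits looks close to uniformly random, so the entropy of the deltas approaches its maximum. Both input sequences are constructed inline, the window size and threshold are assumed values, and the detector is a per-host baseline check rather than a packet parser.

```python
import math
import random
from collections import Counter

# Constructed sample: a host whose IP stack assigns IPIDs from one incrementing
# 16-bit counter, as many older stacks do.
NORMAL_IPIDS = [(0x1A2B + i) % 65536 for i in range(200)]

# Constructed sample: IPIDs with no counter structure at all, modelled here as
# uniformly random 16-bit values. This is what a field carrying arbitrary data
# tends to look like statistically.
_rng = random.Random(7)
SUSPICIOUS_IPIDS = [_rng.randrange(65536) for _ in range(200)]


def deltas(ipids):
    """Differences between consecutive IPIDs, modulo the 16-bit field width."""
    return [(b - a) % 65536 for a, b in zip(ipids, ipids[1:])]


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    counts = Counter(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def score_flow(ipids):
    """Normalised delta entropy in [0, 1].

    0 means every delta is identical (pure counter behaviour); 1 means every
    delta is distinct, i.e. the deltas are as random as a sample of this size
    can be. Sequences too short to measure score 0.
    """
    d = deltas(ipids)
    if len(d) < 2:
        return 0.0
    return shannon_entropy(d) / math.log2(len(d))


def detect(ipids, window=64, threshold=0.6):
    """Slide a fixed window over the IPID sequence and return the start offsets
    of windows whose normalised delta entropy exceeds `threshold`.

    Window size and threshold are assumed values for this example; in practice
    they should be derived from a baseline recorded for each host, because
    legitimate IPID behaviour differs between operating systems.
    """
    alerts = []
    for start in range(0, len(ipids) - window + 1, window):
        if score_flow(ipids[start:start + window]) > threshold:
            alerts.append(start)
    return alerts


if __name__ == "__main__":
    for name, seq in (("normal", NORMAL_IPIDS), ("suspicious", SUSPICIOUS_IPIDS)):
        print(f"{name:10s} score={score_flow(seq):.3f} alerts={detect(seq)}")
```

The caveat that matters for building a real system: the low-entropy baseline only holds for stacks that really do use a global incrementing counter. Several modern operating systems randomise IPIDs or use per-destination counters, so a single fixed threshold will produce false positives there; the same entropy score still works, but the comparison has to be against what that particular host normally does, which is exactly the kind of per-host profiling that a learned classifier such as the SVM mentioned in the post can automate. ISNs are a different case, since modern TCP stacks randomise them by design, so delta entropy alone cannot separate a covert ISN channel from normal behaviour.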