Detecting Covert Links in Instant Messaging Networks using Flow Level Log Data

Principal Investigator’s Organization (PIO):

School of Electrical Engineering & Computer Science, NUST, Islamabad

Principal Investigator (PI):

Dr. Usman Ilyas

Summary

The purpose of this project was to develop a capability to identify the remote party in an instant messaging (IM) chat session. Online IM networks – such as AIM, MSN Messenger, Yahoo! Messenger, Skype, IRC, and ICQ – are convenient and popular tools for communicating with other people over the Internet. However, they are also increasingly used by terrorists to communicate over the Internet. The developed prototype is a software application that monitors a network's incoming and outgoing traffic at a gateway by means of a mirrored port.
The software can perform time-frequency analysis of individual TCP sessions in order to identify covert communication channels whose traffic does not explicitly identify the endpoints.