**Abstract**

In this chapter, we consider the possibility of hidden data. Since today all network services rely on the basic protocols, the use of untestable and redundant fields may become a big problem. All of the modern data protocols have vulnerabilities. An attacker can use the reserved fields or field use undocumented way. Depending on the data transmission method and detection mechanisms, the technology for assessing the possibility of transmitting hidden information is changing. The work is of great practical interest for the implementation of systems to detect and prevent intrusions and data leaks in it. The authors determine the possibility of transmission and detection sends using a comparative evaluation of the fields in the packet with the values recommended in the standard protocol.

**Keywords:** network protocols, transport protocols, network analyze, network security

## **1. Introduction**

Network steganography—type of steganography, in which secret data carriers use the network protocols of the OSI reference model—the open systems interconnection network model. In general, network steganography is a family of methods for modifying data in the headers of network protocols and in the payload fields of packets, changing the structure of packet transmission and hybrid methods in a particular network protocol (and sometimes several at once).

The transfer of hidden data in network steganography is carried out through hidden channels. The term "covert channel" introduced by Simmons in 1983 determined that the problem of information leakage is not limited to the use of software. A covert channel can exist in any open channel in which there is some redundancy. The hidden data is called steganogram. They are located in a specific carrier (carrier).

In network steganography, the role of the carrier is carried out by the packet transmitted over the network. The main parameters of network steganography are the bandwidth, covert channel, probability of detection, and steganographic cost. Bandwidth is the amount of secret data that can be sent per unit of time. The probability of detection is determined by the possibility of detecting a steganogram in a particular carrier. The most popular way to detect a steganogram is to analyze the statistical properties of the data obtained and compare them with typical values for this carrier. Steganographic cost characterizes the degree of change in the carrier after exposure to the steganographic method.
