Przemysław Szary, W. Mazurczyk, S. Wendzel, L. Caviglione
Title: Design and performance evaluation of reversible network covert channels
Published in: Proceedings of the 15th International Conference on Availability, Reliability and Security
Publication date: 2020-08-25
DOI: 10.1145/3407023.3409215 (https://doi.org/10.1145/3407023.3409215)
Citations: 5
Abstract
Covert channels nested within network traffic are important tools for allowing malware to act unnoticed or to stealthily exchange and exfiltrate information. Thus, understanding how to detect or mitigate their utilization is of paramount importance, especially to counteract the rise of increasingly sophisticated threats. In this perspective, the literature proposed various approaches, including distributed wardens, which can be used to collect traffic in different portions of the network and compare the samples to check for discrepancies revealing hidden communications. However, the use of some form of reversibility, i.e., being able to restore the exploited network carrier to its original form before the injection, can challenge such a detection scheme. Therefore, in this work we introduce and evaluate the performance of different techniques used to endow network covert channels with reversibility. Results indicate the feasibility of achieving reversibility, but the protocol used plays a major role.