2015, Pattern-based Survey and Categorization of Network Covert Channel Techniques
Applied Sciences
Trends and Challenges in Network Covert Channels Countermeasures (2021)
Network covert channels are increasingly used to endow malware with stealthy behaviors, for instance to exfiltrate data or to orchestrate nodes of a botnet in a cloaked manner. Unfortunately, the detection of such attacks is difficult as network covert channels are often characterized by low data rates and defenders do not know in advance where the secret information has been hidden. Moreover, neutralization or mitigation are hard tasks, as they require to not disrupt legitimate flows or degrade the quality perceived by users. As a consequence, countermeasures are tightly coupled to specific channel architectures, leading to poorly generalizable and often scarcely scalable approaches. In this perspective, this paper investigates trends and challenges in the development of countermeasures against the most popular network covert channels. To this aim, we reviewed the relevant literature by considering approaches that can be effectively deployed to detect general injection mechanisms or threats observed in the wild. Emphasis has been put on enlightening trajectories that should be considered when engineering mitigation techniques or planning the research to face the increasing wave of information-hiding-capable malware. Results indicate that many works are extremely specialized and an effective strategy for taming security risks caused by network covert channels may benefit from high-level and general approaches. Moreover, mechanisms to prevent the exploitation of ambiguities should be already considered in early design phases of both protocols and services.
Abstract - Sensitive information leakage is increasing due to the widespread use of the internet and technology. Attackers find new ways to exfiltrate data that pose a threat to data security and privacy. Here our focus is on covert information leakage over the network that exploits the various network protocols and their behavior. Information leaks over covert channels exploit a variety of network protocols, including wireless, mobile and virtualized cloud platforms etc. Current network security solutions like IDS, IPS, firewalls etc. are not designed to handle these types of attacks. These types of attacks are dynamic in nature and mimic legitimate traffic behavior, thereby posing a challenge to detection and prevention. This article presents a comprehensive review of network covert channels, their design, detection and mitigation. We have reviewed the classification of covert channels based on the attacks.
Within the last years, new techniques for network covert channels arose, such as covert channel overlay networking, protocol switching covert channels, and adaptive covert channels. These techniques have in common that they rely on covert channel-internal control protocols (so-called micro protocols) placed within the hidden bits of a covert channel's payload. An adaptable approach for the engineering of such micro protocols is not available. This paper introduces a protocol engineering technique for micro protocols. We present a two-layer system comprising six steps to create a micro protocol design. The approach tries to combine different goals: (1) simplicity, (2) ensuring a standard-conform behaviour of the underlying protocol if the micro protocol is used within a binary protocol header, as well as we provide an optimization technique to (3) raise as little attention as possible. We apply a context-free and regular grammar to analyze the micro protocol's behavior within the context of the underlying network protocol.
Covert channels are a vital setup in analyzing the strength of security in a network. A covert channel is illegitimate channeling over the secured channel and establishes a malicious conversation. The trapdoors set in such channels proliferate, making covert channels sophisticated and their presence hard to detect at the network firewall. This is due to the intricate covert schemes that make it possible to build a robust covert channel over the network. From an attacker's perspective this will ameliorate by placing multiple such trapdoors in different protocols in the rudimentary protocol stack. This leads to a unique scenario of the "Hybrid Covert Channel", where different covert channel trapdoors exist at the same instance of time in the same layer of the protocol stack. For detection agents, detecting such an event is complicated due to a lack of knowledge of the different covert schemes. Exploring all the clandestine schemes used in the formation of a Hybrid Covert Channel would assist in understanding the complete search space of the covert possibilities, thereby improving the knowledge of the detection engine. This can be explored through the different schemes available and their entropy impact on the hybrid covert channel. The paper sets itself the objective of understanding the different covert schemes and their usage in different trapdoors.
IEEE INFOCOM 2009 - The 28th Conference on Computer Communications
Building Covert Channels over the Packet Reordering Phenomenon (2009)
Covert channels use stealth communications to compromise the security policies of systems. They constitute an important security threat since they can be used to exfiltrate confidential data from networks. TCP/IP protocols are used everyday and are subject to covert channels problems. Covert channels are used for the secret transfer of information. Encryption only protects communication from being decoded by unauthorized parties, whereas covert channels aim to hide the very existence of the communication. Initially, covert channels were identified as a security threat on monolithic systems i.e. mainframes. More recently focus has shifted towards covert channels in computer network protocols. The huge amount of data and vast number of different protocols in the Internet seems ideal as a high-bandwidth vehicle for covert communication. The aim of this paper is to give an overview of covert channels in TCP/IP networks. We briefly describe the TCP and IP protocols, present the different types of covert channels and the methods to set them up in TCP/IP networks; then we study the existing methods to detect and eliminate covert channels.
IEEE Transactions on Dependable and Secure Computing
Weaknesses of popular and recent covert channel detection methods and a remedy (2023)
Network covert channels are applied for the secret exfiltration of confidential data, the stealthy operation of malware, and legitimate purposes, such as censorship circumvention. In recent decades, some major detection methods for network covert channels have been developed. In this paper, we investigate two highly cited detection methods for covert timing channels, namely ϵ-similarity and compressibility score from Cabuk et al. (jointly cited by 930 papers and applied by thousands of researchers). We additionally analyze two recent ML-based detection methods: GAS (2022) and SnapCatch (2021). While all these detection methods must be considered valuable for the analysis of typical covert timing channels, we show that these methods are not reliable when a covert channel's behavior is slightly modified. In particular, we demonstrate that when confronted with a simple covert channel that we call ϵ-κlibur, all detection methods can be circumvented or their performance can be significantly reduced although the covert channel still provides a high bitrate. In comparison to previous timing channels that circumvent these methods, ϵ-κlibur is much simpler and eliminates the need of altering previously recorded traffic. Moreover, we propose an enhanced ϵ-similarity that can detect the classical covert timing channel as well as ϵ-κlibur.