Analysis of Reversible Network Covert Channels

Abstract

In recent years, the use of information hiding techniques to empower modern strains of malware has become a serious concern for security experts. Such an approach allows attackers to act in a stealthy manner, for instance, to covertly exfiltrate confidential data or retrieve additional command and control payloads for the operation of malware. Therefore, a deep understanding of data hiding mechanisms is a core requirement, as it allows designing effective countermeasures. Unfortunately, the most recent evolution of information-hiding-capable threats enjoys reversible properties, i.e., the abused network flow is restored to its original form. Hence, detection approaches based on the comparison of different traffic samples may no longer work. In this paper, we further investigate various methods for performing reversible data hiding for network covert channels. Specifically, we extend our previous research by considering different scenarios focusing on IPv4 traffic and HTTP conversations. The results confirm that reversibility can be used in various network conditions and is not impaired by middleboxes. In addition, engineering countermeasures or mitigation techniques could be difficult, so reversible mechanisms need to be considered already in the early design stages of a protocol/deployment.

Szary, P., Mazurczyk, W., Wendzel, S., & Caviglione, L. (2022). Analysis of Reversible Network Covert Channels. IEEE Access, 10, 41226–41238. https://doi.org/10.1109/ACCESS.2022.3168018
