ProtoLeaks: A reliable and protocol-independent network covert channel

Abstract

We propose a theoretical framework for a network covert channel based on enumerative combinatorics. It offers protocol independence and avoids detection by using a mimicry defense. Using a network monitoring phase, traffic is analyzed to detect which application-layer protocols are allowed through the firewalls. Using these results, a covert channel is built based on permutations of benign network objects, such as FTP commands and HTTP requests to different web servers. Any protocol that offers reliability guarantees can be plugged into the framework. This includes any protocol that is built on top of the TCP protocol. The framework closely mimics the behavioral statistics of the legitimate traffic, making the covert channel very hard to detect. © Springer-Verlag 2012.

Cite

Swinnen, A., Strackx, R., Philippaerts, P., & Piessens, F. (2012). ProtoLeaks: A reliable and protocol-independent network covert channel. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7671 LNCS, pp. 119–133). https://doi.org/10.1007/978-3-642-35130-3_9
