Details
DOI: | 10.1145/3407023.3409215 |
---|---|
Publication type: | Conference paper |
Conference: | ARES 2020: International Conference on Availability, Reliability and Security |
Location: | Virtual |
Online publication date: | 2020-08-26 |
Abstract
Covert channels nested within network traffic are important tools for allowing malware to act unnoticed or to stealthily exchange and exfiltrate information. Thus, understanding how to detect or mitigate their utilization is of paramount importance, especially to counteract the rise of increasingly sophisticated threats. In this perspective, the literature proposed various approaches, including distributed wardens, which can be used to collect traffic in different portions of the network and compare the samples to check for discrepancies revealing hidden communications. However, the use of some form of reversibility, i.e., being able to restore the exploited network carrier to its original form before the injection, can challenge such a detection scheme. Therefore, in this work we introduce and evaluate the performances of different techniques used to endow network covert channels with reversibility. Results indicate the feasibility of achieving reversibility but the used protocol plays a major role.
Authors
- Przemysław Szary
Warsaw University of Technology
Warsaw, Poland
- Wojciech Mazurczyk
Warsaw University of Technology
Warsaw, Poland
- Steffen Wendzel
Worms University of Applied Science
Worms, Germany
- Luca Caviglione
National Research Council of Italy
Genoa, Italy