How to Make an Intrusion Detection System Aware of Steganographic Transmission

Details

DOI: 10.1145/3487405.3487421
Publication type: Conference paper
Conference: EICC 2021: European Interdisciplinary Cybersecurity Conference
Location: Virtual
Online publication date: 2021-11-10

Abstract

Information hiding techniques are becoming a major threat in network communication. This paper describes how to modify an intrusion detection system (IDS) to detect certain types of steganography. As a sample IDS we use open-source Zeek software. We show how to adapt it for the purpose of steganalysis. Additionally, we propose a set of validation tests that are suitable for detecting steganography and describe how they were applied to different types of covert channels. We also suggest how to build a steganography detection system by integrating Zeek with a security information and event management system with log and alert support. The scripts are freely available for download.

Authors

  • Tomasz Koziak
    Warsaw University of Technology
    Warsaw, Poland
  • Katarzyna Wasielewska
    Warsaw University of Technology
    Warsaw, Poland
  • Artur Janicki
    Warsaw University of Technology
    Warsaw, Poland