Details
| DOI: | 10.1145/3465481.3470067 |
|---|---|
| Publication type: | Conference paper |
| Conference: | ARES 2021: International Conference on Availability, Reliability and Security |
| Location: | Virtual |
| Online publication date: | 2021-08-17 |
Abstract
The increasing diffusion of malware endowed with steganographic and cloaking capabilities requires tools and techniques for conducting research activities, testing real deployments and elaborating mitigation mechanisms. To investigate attacks targeting network and appliances, a core requirement concerns the availability of suitable traffic traces, which can be used to derive mathematical models for simulation or to develop machine-learning-based countermeasures. Unfortunately, the young nature of threats injecting secrets or cloaking their presence within network traffic, the high protocol-dependent nature of the various embedding processes, and privacy issues, prevent the vast diffusion of datasets to perform research. Therefore, in this paper we present pcapStego, a tool for creating network covert channels within .pcap files. This approach has two major advantages: it allows to prepare large datasets starting from real network traces, and it generates “replayable” conversations useful for both emulating attacks or conduct pentesting campaigns. To prove the effectiveness of the tool, we showcase the generation of network covert channels targeting IPv6 traffic, which is gaining momentum and it is expected to be a major target for future attacks.
Authors
- Marco Zuppelli
This email address is being protected from spambots. You need JavaScript enabled to view it.
National Research Council of Italy
Genoa, Italy - Luca Caviglione
This email address is being protected from spambots. You need JavaScript enabled to view it.
National Research Council of Italy
Genoa, Italy