Conference paper Open Access

bccstego: A Framework for Investigating Network Covert Channels

Repetto, Matteo; Caviglione, Luca; Zuppelli, Marco

Modern malware increasingly exploits information hiding to remain undetected while attacking. To this aim, network covert channels, i.e., hidden communication paths established within legitimate flows, can be used to exfiltrate data or exchange commands without getting noticed by firewalls, antivirus, and intrusion detection systems. Since the secret data can be directly injected in various portions of the stream or encoded via suitable alterations of the traffic, spotting hidden communications is a challenging and poorly generalizable task. Moreover, the majority of works addressed IPv4, thus leaving the detection of covert channels targeting IPv6 almost unexplored.

This paper presents bccstego, i.e., an inspection framework for computing statistical indicators to reveal covert channels targeting the IPv6 header. The proposed approach has been designed to be easily extended, for instance to search for channels not known a priori. Numerical results demonstrate the effectiveness of our first tool in the bccstego framework as well as its ability to handle high-throughput IPv6 flows without adding additional delays.
