bccstego: A Framework for Investigating Network Covert Channels
Description
Modern malware increasingly exploits information hiding to re- main undetected while attacking. To this aim, network covert chan- nels, i.e., hidden communication paths established within legitimate flows, can be used to exfiltrate data or exchange commands with- out getting noticed by firewalls, antivirus, and intrusion detection systems. Since the secret data can be directly injected in various portions of the stream or encoded via suitable alterations of the traffic, spotting hidden communications is a challenging and poorly generalizable task. Moreover, the majority of works addressed IPv4, thus leaving the detection of covert channels targeting IPv6 almost unexplored.
This paper presents bccstego, i.e., an inspection framework for computing statistical indicators to reveal covert channels targeting the IPv6 header. The proposed approach has been designed to be easily extended, for instance to search for channels not known a priori. Numerical results demonstrate the effectiveness of our first tool in the bccstego framework as well as its ability to handle high-throughput IPv6 flows without adding additional delays.
Files
ares21-1.pdf
Files
(661.4 kB)
Name | Size | Download all |
---|---|---|
md5:cbaf7b4d82c3baee170b60e0c0116168
|
661.4 kB | Preview Download |
Additional details
Funding
- ASTRID – AddreSsing ThReats for virtualIseD services 786922
- European Commission
- GUARD – A cybersecurity framework to GUArantee Reliability and trust for Digital service chains 833456
- European Commission
- SIMARGL – Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware 833042
- European Commission