Journal article, 2021, ENG, 10.3390/app11041641
Luca Caviglione
Institute for Applied Mathematics and Information Technologies
Network covert channels are increasingly used to endow malware with stealthy behaviors, for instance to exfiltrate data or to orchestrate nodes of a botnet in a cloaked manner. Unfortunately, the detection of such attacks is difficult as network covert channels are often characterized by low data rates and defenders do not know in advance where the secret information has been hidden. Moreover, neutralization or mitigation are hard tasks, as they must not disrupt legitimate flows or degrade the quality perceived by users. As a consequence, countermeasures are tightly coupled to specific channel architectures, leading to poorly generalizable and often scarcely scalable approaches. In this perspective, this paper investigates trends and challenges in the development of countermeasures against the most popular network covert channels. To this aim, we reviewed the relevant literature by considering approaches that can be effectively deployed to detect general injection mechanisms or threats observed in the wild. Emphasis has been put on enlightening trajectories that should be considered when engineering mitigation techniques or planning the research to face the increasing wave of information-hiding-capable malware. Results indicate that many works are extremely specialized and an effective strategy for taming security risks caused by network covert channels may benefit from high-level and general approaches. Moreover, mechanisms to prevent the exploitation of ambiguities should already be considered in the early design phases of both protocols and services.
Applied sciences 11 (4), pp. 1–16
network covert channels, security, information hiding, detection, stegomalware
IMATI – Istituto di matematica applicata e tecnologie informatiche "Enrico Magenes"
ID: 444678
Year: 2021
Type: Journal article
Creation: 2021-02-11 14:45:03.000
Last update: 2021-05-18 12:59:56.000
External IDs
CNR OAI-PMH: oai:it.cnr:prodotti:444678
DOI: 10.3390/app11041641
ISI Web of Science (WOS): 000632074300001
Scopus: 2-s2.0-85100923522