Journal article, 2022, ENG, 10.1109/ACCESS.2022.3168018.
Przemyslaw Szary, Wojciech Mazurczyk, Steffen Wendzel, Luca Caviglione
Warsaw University of Technology, Hochschule Worms, National Research Council of Italy
In recent years, the utilization of information hiding techniques for empowering modern strains of malware has become a serious concern for security experts. Such an approach allows attackers to act in a stealthy manner, for instance, to covertly exfiltrate confidential data or retrieve additional command & control payloads for the operation of malware. Therefore, a deep understanding of data hiding mechanisms is a core requirement, as it allows designing effective countermeasures. Unfortunately, the most recent evolution of information-hiding-capable threats enjoys reversible properties, i.e., the abused network flow is restored to its original form. Hence, detection approaches based on the comparison of different traffic samples may not work anymore. In this paper, we further investigate various methods for performing reversible data hiding for network covert channels. Specifically, we extend our previous research by considering different scenarios focusing on IPv4 traffic and HTTP conversations. The results confirm that reversibility can be used in various network conditions and is not impaired by middleboxes. In addition, engineering countermeasures or mitigation techniques could be difficult, thus requiring reversible mechanisms to be considered already in the early design stages of a protocol/deployment.
IEEE Access 10, pp. 41226–41238
covert channels, information hiding, cyber security, security
IMATI – Istituto di matematica applicata e tecnologie informatiche "Enrico Magenes"
ID: 466387
Year: 2022
Type: Journal article
Creation: 2022-04-19 13:24:03.000
Last update: 2022-05-03 07:34:59.000
External IDs
CNR OAI-PMH: oai:it.cnr:prodotti:466387
DOI: 10.1109/ACCESS.2022.3168018.