Volume 24 / Issue 7

DOI:   10.3217/jucs-024-07-0864


SOMSteg - Framework for Covert Channel, and its Detection, within HTTP

Waldemar Graniszewski (Warsaw University of Technology, Poland)

Jacek Krupski (Warsaw University of Technology, Poland)

Krzysztof Szczypiorski (Warsaw University of Technology, Poland)

Abstract: Due to their high efficiency and relative ease of use, application-layer covert channels, especially those in the HyperText Transfer Protocol (HTTP), have been extensively studied in recent years. This paper extends a new steganographic method where the covert channel is created within the HTTP protocol header, i.e., the trailer field. HTTP is the most popular protocol for browsing the Internet and gives the possibility of information sharing. The popularity of HTTP traffic is one of the requirements for undetectable message exchange. This paper presents SOMSteg - a framework for a covert channel, and its detection as a countermeasure, within HTTP. The server and client parts are implemented in JavaScript and based on Node.js. Several machine learning techniques can be used for anomaly detection. We tested whether such hidden communication can be detected with Self Organizing Maps (SOMs). SOMs were also used for tuning the parameters of the covert channel settings within the HTTP trailer. The results of the performed studies are also presented.

Keywords: HTTP, SOM, covert channels, information hiding, machine learning, network steganography

Categories: C.2.0, D.2.11, D.4.6, I.2, I.5.3, K.6.5