Volume 25 / Issue 11

DOI:   10.3217/jucs-025-11-1396

 

Detection of Size Modulation Covert Channels Using Countermeasure Variation

Steffen Wendzel (Fraunhofer FKIE & Worms University of Applied Sciences, Germany)

Florian Link (Worms University of Applied Sciences, Germany)

Daniela Eller (Worms University of Applied Sciences, Germany)

Wojciech Mazurczyk (Warsaw University of Technology, Poland)

Abstract: Network covert channels enable stealthy communications for malware and data exfiltration. For this reason, developing effective countermeasures for these threats is important for the protection of individuals and organizations. However, due to the large number of available covert channel techniques, it is considered impractical to develop countermeasures for all existing covert channels.

In recent years, researchers have started to develop countermeasures that (instead of only countering one particular hiding technique) can be applied to a whole family of similar hiding techniques. These families are referred to as hiding patterns.

Considering the above, the main contribution of this paper is to introduce the concept of countermeasure variation. Countermeasure variation is a slight modification of a given countermeasure that was designed to detect covert channels of one specific hiding pattern, so that the countermeasure can also detect covert channels that represent other hiding patterns.

We exemplify countermeasure variation using the compressibility score, the ε-similarity and the regularity metric originally presented by Cabuk et al. All three methods are used to detect covert channels that utilize the Inter-packet Times pattern and we show that countermeasure variation allows the application of these countermeasures to detect covert channels of the Size Modulation pattern, too.

Keywords: covert channels, information hiding, network security, network steganography, patterns

Categories: B.4.1, C.2.2, C.2.5, C.2.6, D.4.6, K.6.5, K.7.m
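
As an added illustration (not code from the paper), the sketch below computes two of the metrics named in the abstract, ε-similarity and the compressibility score, over packet sizes instead of inter-packet times. Assumptions: the variation is modelled simply as swapping the input series, the metric definitions are simplified from Cabuk et al., and both flows, the sizes 100/200 and ε = 0.01 are constructed sample values.

```python
import zlib

def epsilon_similarity(values, eps):
    """Fraction of relative gaps between consecutive sorted values below eps."""
    s = sorted(values)
    gaps = [(b - a) / a for a, b in zip(s, s[1:])]
    return sum(g < eps for g in gaps) / len(gaps)

def compressibility(values):
    """kappa = |S| / |C|: length of the value string over its compressed length."""
    s = ",".join(str(v) for v in values).encode()
    return len(s) / len(zlib.compress(s, 9))

def covert_sizes(payload, size0=100, size1=200):
    """Constructed size-modulation flow: one packet per payload bit."""
    bits = [(byte >> k) & 1 for byte in payload for k in range(7, -1, -1)]
    return [size1 if b else size0 for b in bits]

def varied_sizes(n):
    """Constructed comparison flow: n distinct sizes in 40..1439 bytes (n <= 1400)."""
    return [40 + (i * 397) % 1400 for i in range(n)]

def score(sizes, eps=0.01):
    """Both metrics for one flow's packet-size series."""
    return {"eps_similarity": epsilon_similarity(sizes, eps),
            "compressibility": compressibility(sizes)}

if __name__ == "__main__":
    covert = covert_sizes(b"constructed secret payload")
    flows = {"size-modulated": covert, "varied": varied_sizes(len(covert))}
    for name, sizes in flows.items():
        print(name, score(sizes))
```

A flow that alternates between a few fixed sizes scores close to 1 on ε-similarity and compresses far better than a flow with varied sizes; a detector would compare both scores against thresholds learned from legitimate traffic.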