2011 Seventh European Conference on Computer Network Defense 2011
DOI: 10.1109/ec2nd.2011.12

Adaptive Detection of Covert Communication in HTTP Requests

Cited by 12 publications (22 citation statements)
References 11 publications
“…Denying or restricting network access is often used to thwart malware (using firewalls to block outside connections to sensitive networks is a common means of accomplishing this). To bypass such protection mechanisms, the malware might employ any combination of the following network evasion techniques [45]:…”
Section: Avoiding Detection (mentioning)
confidence: 99%
“…MONT [24] in Python, the current state of the art regarding host-specific anomaly detection. We have evaluated and compared them with different datasets.…”
Section: We Have Implemented Prototypes Of Decanter and Du- (mentioning)
confidence: 99%
“…For instance, data exfiltration can be an obfuscated transmission of a database in small chunks within hours, or a cryptographic key pair within a single request. To tackle these issues, researchers have proposed anomaly-based detection approaches that generate models only from the benign network data of each specific machine [5,24]. We refer to this category as host-specific anomaly detection, which differs from the commonly known term 'host-based' used for techniques that analyze the internal state of a machine.…”
Section: Introduction (mentioning)
confidence: 99%
“…The first observation suggests that monitoring any single part of the attack chain will be insufficient to reliably identify attacks. For instance, network connections corresponding to the C&C channel will often be highly active and long-lasting, which has prompted the construction of C&C detectors. The problem is that many legitimate connections exhibit similar patterns, leading to an inevitable high false alarm rate.…”
Section: Introduction (mentioning)
confidence: 99%