Countering adaptive network covert communication with dynamic wardens

Mazurczyk, Wojciech; Wendzel, Steffen; Chourib, Mehdi; Keller, Jörg

doi:10.1016/j.future.2018.12.047

Cited by 22 publications

(14 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to [15], different wardens exist and they can be classified by considering the type of information they use to detect the covert channel as well as their structure. Literature sill not agree on a unique taxonomy, but three main traits can be used to describe middleboxes and techniques for detecting hidden communication attempts exploiting network artifacts:…”

Section: Development Of Countermeasuresmentioning

confidence: 99%

Trends and Challenges in Network Covert Channels Countermeasures

Caviglione

2021

Applied Sciences

View full text Add to dashboard Cite

Network covert channels are increasingly used to endow malware with stealthy behaviors, for instance to exfiltrate data or to orchestrate nodes of a botnet in a cloaked manner. Unfortunately, the detection of such attacks is difficult as network covert channels are often characterized by low data rates and defenders do not know in advance where the secret information has been hidden. Moreover, neutralization or mitigation are hard tasks, as they require to not disrupt legitimate flows or degrade the quality perceived by users. As a consequence, countermeasures are tightly coupled to specific channel architectures, leading to poorly generalizable and often scarcely scalable approaches. In this perspective, this paper investigates trends and challenges in the development of countermeasures against the most popular network covert channels. To this aim, we reviewed the relevant literature by considering approaches that can be effectively deployed to detect general injection mechanisms or threats observed in the wild. Emphasis has been put on enlightening trajectories that should be considered when engineering mitigation techniques or planning the research to face the increasing wave of information-hiding-capable malware. Results indicate that many works are extremely specialized and an effective strategy for taming security risks caused by network covert channels may benefit from high-level and general approaches. Moreover, mechanisms to prevent the exploitation of ambiguities should be already considered in early design phases of both protocols and services.

show abstract

Section: Development Of Countermeasuresmentioning

confidence: 99%

Trends and Challenges in Network Covert Channels Countermeasures

Caviglione

2021

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…From the countermeasure's perspective, defending a network from covert channels is typically achieved by using wardens [13], [14]. A warden is a single node in a network that intends to unveil, limit, or eliminate any hidden communications [12], [15]. Clearly, in an ideal case, the primary objective of the warden is to detect the existence of NCCs.…”

Section: Fundamentals and Related Workmentioning

confidence: 99%

“…The attacker then uses NCC to exfiltrate confidential data to his external server (CR). To achieve this, CS and CR use the concept of the adaptive covert communication as defined in [12].…”

Section: A Threat Modelmentioning

confidence: 99%

“…In general, the adaptive covert communication relies on two phases [12]: the network environment learning (NEL) phase and the communication (COM) phase. During the NEL phase, the most suitable NCCs are identified by the covert peers to carry out their confidential communication in the presence of an active warden.…”

Section: B Adaptive Covert Communication Functioningmentioning

confidence: 99%

“…Hence, minor modifications are difficult to detect using both statistical and heuristic approaches. In the literature, there has been some work performed on countering NCC using both regular (i.e., traditional) and dynamic wardens [12]. However, little or no work has investigated the elimination of covert communication based on the observed network traffic's covert channel characteristics.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Adaptive Warden Strategy for Countering Network Covert Storage Channels

Chourib

Wendzel

Mazurczyk

2021

2021 IEEE 46th Conference on Local Computer Networks (LCN)

Self Cite

View full text Add to dashboard Cite

The detection and elimination of covert channels are performed by a network node, known as a warden. Especially if faced with adaptive covert communication parties, a regular warden equipped with a static set of normalization rules is ineffective compared to a dynamic warden. However, dynamic wardens rely on periodically changing rule sets and have their own limitations, since they do not consider traffic specifics. We propose a novel adaptive warden strategy, capable of selecting active normalization rules by taking into account the characteristics of the observed network traffic. Our goal is to disturb the covert channel and provoke the covert peers to expose themselves more by increasing the number of packets required to perform a successful covert data transfer. Our evaluation revealed that the adaptive warden has better efficiency and effectiveness when compared to the dynamic warden because of its adaptive selection of normalization rules.

show abstract

A Survey of Covert Storage Channel Countermeasure and Elimination Methodologies to Develop NetWarden Architecture

Gaikwad,

Dakhane

2024

Smart Innovation, Systems and Technologies

View full text Add to dashboard Cite

Countering adaptive network covert communication with dynamic wardens

Cited by 22 publications

References 31 publications

Trends and Challenges in Network Covert Channels Countermeasures

Trends and Challenges in Network Covert Channels Countermeasures

Adaptive Warden Strategy for Countering Network Covert Storage Channels

A Survey of Covert Storage Channel Countermeasure and Elimination Methodologies to Develop NetWarden Architecture

Contact Info

Product

Resources

About