The New Threats of Information Hiding: The Road Ahead

Cabaj, Krzysztof; Caviglione, Luca; Mazurczyk, Wojciech; Wendzel, Steffen; Woodward, Alan; Zander, Sebastian

doi:10.1109/mitp.2018.032501746

Cited by 87 publications

(41 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It can deal with the threat of information hiding that can be extracted later. Steganography technology has recently evolved into intelligent attacks that apply to various protocols such as CCTVs, smart TVs, and IoT devices [17]. These attacks are becoming a threat and can hide malicious or confidential information in files such as image, audio, and video files.…”

Section: Methods To Detect and Prevent Malicious Code From Being Hiddmentioning

confidence: 99%

ImageDetox: Method for the Neutralization of Malicious Code Hidden in Image Files

Jung¹,

Lee

Euom

2020

Symmetry

View full text Add to dashboard Cite

Malicious codes may cause virus infections or threats of ransomware through symmetric encryption. Moreover, various bypassing techniques such as steganography, which refers to the hiding of malicious code in image files, have been devised. Unknown or new malware hidden in an image file in the form of malicious code is difficult to detect using most representative reputation- or signature-based antivirus methods. In this paper, we propose the use of ImageDetox method to neutralize malicious code hidden in an image file even in the absence of any prior information regarding the signatures or characteristics of the code. This method is composed of four modules: image file extraction, image file format analysis, image file conversion, and the convergence of image file management modules. To demonstrate the effectiveness of the proposed method, 30 image files with hidden malicious codes were used in an experiment. The malicious codes were selected from 48,220 recent malicious codes purchased from VirusTotal (a commercial application programming interface (API)). The experimental results showed that the detection rate of viruses was remarkably reduced. In addition, image files from which the hidden malicious code had previously been removed using a nonlinear transfer function maintained nearly the same quality as that of the original image; in particular, the difference could not be distinguished by the naked eye. The proposed method can also be utilized to prevent security threats resulting from the concealment of confidential information in image files with the aim of leaking such threats.

show abstract

Section: Methods To Detect and Prevent Malicious Code From Being Hiddmentioning

confidence: 99%

ImageDetox: Method for the Neutralization of Malicious Code Hidden in Image Files

Jung¹,

Lee

Euom

2020

Symmetry

View full text Add to dashboard Cite

show abstract

“…Even if applying a rule needs only 100 instructions, a core running at 2 GHz and with an IPC 4 of 1.5 cannot apply more than 30 rules. 5 While the throughput can be increased by using multiple cores for different packets, latency still will grow beyond 1 microsecond for more than 30 rules, as fine-grained parallelism by using multiple cores for different rules on a single packet will not pay off because of parallelization overhead. Thus, negative side-effects for packets with real-time requirements, such as Voice-over-IP traffic, would be the consequence.…”

Section: Resource Consumption Analysis and Impact On Legitimate Usersmentioning

confidence: 99%

Countering adaptive network covert communication with dynamic wardens

Mazurczyk

Wendzel

Chourib

et al. 2019

Future Generation Computer Systems

Self Cite

View full text Add to dashboard Cite

HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract

“…MQTT has been heavily applied since its appearance in 1999, e.g., in Facebook Messenger, 1 Amazon IoT (a part of the Amazon Web Services), 2 OpenStack, 3 home automation platform Home Assistant, 4 Microsoft Azure IoT Hub, 5 in the FloodNet project 6 for monitoring river levels and environmental information to provide early warnings of flooding, etc. MQTT libraries are available for many programming 1 Lucy Zhang: Building Facebook Messenger, 12 August 2011.…”

Section: Mqtt Fundamentalsmentioning

confidence: 99%

“…MQTT libraries are available for many programming 1 Lucy Zhang: Building Facebook Messenger, 12 August 2011. 2 https://docs.aws.amazon.com/iot/latest/developerguide/mqtt.html 3 https://docs.openstack.org/infra/system-config/firehose.html 4 https://www.home-assistant.io/components/mqtt/ 5 https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-mqtt-support 6 http://envisense.org/floodnet/overview.htm languages and platforms, such as Java, C, C++, C#, JavaScript,.NET, etc.…”

Section: Mqtt Fundamentalsmentioning

confidence: 99%

See 1 more Smart Citation

Covert Channels in the MQTT-Based Internet of Things

et al. 2019

Self Cite

View full text Add to dashboard Cite

Network covert channels are a part of the information hiding research area that deals with the secret transfer of information over communication networks. Covert channels can be utilized, for instance, for data leakage and stealthy malware communications. While data hiding in communication networks has been studied within the last years for several major communication protocols, currently no work is available that investigates covert channels for the publish-subscriber model. To fill this gap, we present the first comprehensive study of covert channels in a protocol utilizing the publish-subscriber model, i.e., the Message Queuing Telemetry Transport (MQTT) protocol which is widely deployed in Internet of Things (IoT) environments. In particular, we describe seven direct and six indirect covert channels and we evaluate and categorize them using the network information hiding patterns approach. Finally, in order to prove that MQTT-based covert channels are practically feasible and effective, we implement the chosen data hiding scheme and perform its experimental evaluation. INDEX TERMS MQTT, network steganography, network covert channels, data hiding, information hiding, IoT.

show abstract

The New Threats of Information Hiding: The Road Ahead

Cited by 87 publications

References 14 publications

ImageDetox: Method for the Neutralization of Malicious Code Hidden in Image Files

ImageDetox: Method for the Neutralization of Malicious Code Hidden in Image Files

Countering adaptive network covert communication with dynamic wardens

Covert Channels in the MQTT-Based Internet of Things

Contact Info

Product

Resources

About