Pattern-Based Survey and Categorization of Network Covert Channel Techniques

Author:

Wendzel Steffen (1), Zander Sebastian (2), Fechner Bernhard (3), Herdin Christian (4)

Affiliation:

1. Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE, Germany

2. Centre for Advanced Internet Architectures, Swinburne University of Technology, Australia

3. Department of Systems and Networking, University of Augsburg, Bavaria, Germany

4. Department of Computer Science, University of Rostock, Germany

Abstract

Network covert channels are used to hide communication inside network protocols. Various techniques for covert channels have arisen in the past few decades. We surveyed and analyzed 109 techniques developed between 1987 and 2013 and show that these techniques can be reduced to only 11 different patterns. Moreover, the majority (69.7%) of techniques can be categorized into only four different patterns (i.e., most techniques we surveyed are similar). We represent the patterns in a hierarchical catalog using a pattern language. Our pattern catalog will serve as a base for future covert channel novelty evaluation. Furthermore, we apply the concept of pattern variations to network covert channels. With pattern variations, the context of a pattern can change. For example, a channel developed for IPv4 can automatically be adapted to other network protocols. We also propose the pattern-based covert channel optimizations pattern hopping and pattern combination. Finally, we lay the foundation for pattern-based countermeasures: whereas many current countermeasures were developed for specific channels, a pattern-oriented approach allows application of one countermeasure to multiple channels. Hence, future countermeasure development can focus on patterns, and the development of real-world protection against covert channels is greatly simplified.

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science, Theoretical Computer Science

Cited by 113 articles.

1. Leveraging Linear Network Error Correction for steganographic network codes;Journal of the Franklin Institute;2024-09

2. Covert communication via blockchain: Hiding patterns and communication patterns;Computer Standards & Interfaces;2024-08

3. A Comprehensive Pattern-based Overview of Stegomalware;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30

4. No Country for Leaking Containers: Detecting Exfiltration of Secrets Through AI and Syscalls;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30

5. Robust and Homomorphic Covert Channels in Streams of Numeric Data;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30
