Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Countermeasures for covert channel-internal control protocols

 
: Kaur, J.; Wendzel, S.; Meier, M.

:

Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
10th International Conference on Availability, Reliability and Security, ARES 2015. Proceedings : 24-28 August 2015, Toulouse, France
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2015
ISBN: 978-1-4673-6590-1
ISBN: 978-1-4673-6591-8
ISBN: 978-1-4673-6589-5
S.422-428
International Conference on Availability, Reliability and Security (ARES) <10, 2015, Toulouse>
Englisch
Konferenzbeitrag
Fraunhofer FKIE ()

Abstract
Network covert channels have become a sophisticated means for transferring hidden information over the network, and thereby breaking the security policy of a system. Covert channel-internal control protocols, called micro protocols, have been introduced in the recent years to enhance capabilities of network covert channels. Micro protocols are usually placed within the hidden bits of a covert channel's payload and enable features such as reliable data transfer, session management, and dynamic routing for network covert channels. These features provide adaptive and stealthy communication channels for malware, especially bot nets. Although many techniques are available to counter network covert channels, these techniques are insufficient for countering micro protocols. In this paper, we present the first work to categorize and implement possible countermeasures for micro protocols that can ultimately break sophisticated covert channel communication. The key aspect of proposing these countermeasures is based on the interaction with the micro protocol. We implemented the countermeasures for two micro protocol-based tools: Ping Tunnel and Smart Covert Channel Tool. The results show that our techniques are able to counter micro protocols in an effective manner compared to current mechanisms, which do not target micro protocol-specific behavior.

: http://publica.fraunhofer.de/dokumente/N-383083.html