Countering adaptive network covert communication with dynamic wardens

Wojciech Mazurczyk, Steffen Wendzel, Mehdi Chourib, Jörg Keller

Abstract

Network covert channels are hidden communication channels in computer networks. They influence several factors of the cybersecurity economy. For instance, by improving the stealthiness of botnet communications, they aid and preserve the value of darknet botnet sales. Covert channels can also be used to secretly exfiltrate confidential data out of organizations, potentially resulting in loss of market/research advantage. Considering the above, efforts are needed to develop effective countermeasures against such threats. Thus in this paper, based on the introduced novel warden taxonomy, we present and evaluate a new concept of a dynamic warden. Its main novelty lies in the modification of the warden’s behavior over time, making it difficult for the adaptive covert communication parties to infer its strategy and perform a successful hidden data exchange. Obtained experimental results indicate the effectiveness of the proposed approach.
Authors:
Wojciech Mazurczyk (FEIT / IT) - The Institute of Telecommunications
Steffen Wendzel - Worms University of Applied Sciences (HS-Worms)
Mehdi Chourib - University of Hagen (fernuni-hagen)
Jörg Keller - University of Hagen (fernuni-hagen)
Journal series: Future Generation Computer Systems, ISSN 0167-739X, (A 35 pkt)
Issue year: 2019
Vol: in press
No: Available online 26 December 2018
Pages: 1-50
Publication size in sheets: 2.45
Keywords in English: Covert channel, Active warden, Traffic normalization, Information hiding, Network steganography, Data leakage protection
ASJC Classification: 1705 Computer Networks and Communications; 1708 Hardware and Architecture; 1712 Software
DOI: 10.1016/j.future.2018.12.047
Language: en (English)
File: 2019 Mazurczyk Wenzel Countering adaptive network covert communication.pdf (3.41 MB)
Score (nominal): 40
Score: Ministerial score = 35.0, ArticleFromJournal
Ministerial score (2013-2016) = 40.0, ArticleFromJournal
Publication indicators: Scopus SNIP (Source Normalised Impact per Paper): 2016 = 3.383; WoS Impact Factor: 2017 = 4.639 (2) - 2017 = 4.968 (5)
Citation count*

* The presented citation count is obtained through Internet information analysis and is close to the number calculated by the Publish or Perish system.