Application of Perfectly Undetectable Network Steganography Method for Malware Hidden Communication

Patryk Bąk, Jędrzej Bieniasz, Michał Krzemiński, Krzysztof Szczypiorski

Abstract

Currently designed malware utilizes various mechanisms that increase its level of undetectability under static and dynamic analysis. One such mechanism is hiding the actual communication between the attacker and an active malware application on the infected terminal inside overt network traffic. In this paper, a design of such a covert communication channel is proposed, using the StegBlocks method, which is characterized by a proven feature of perfectly undetectable network steganography. An environment was implemented to test a proof of concept of the designed covert transmission system. Characteristics and limitations of the method are discussed and directions for development are proposed.

Authors:
- Patryk Bąk (FEIT / IT), The Institute of Telecommunications
- Jędrzej Bieniasz (FEIT / IT), The Institute of Telecommunications
- Michał Krzemiński (FEIT / IT), The Institute of Telecommunications
- Krzysztof Szczypiorski (FEIT / IT), The Institute of Telecommunications
Total number of authors: 7
Pages: 34-38
Publication size in sheets: 0.5
Book: Jacques Blanc-Talon, Szczypiorski Krzysztof (eds.): Proceedings of the 4th International Conference on Frontiers of Signal Processing - ICFSP 2018, 2018, IEEEXplore, ISBN 978-1-5386-7852-7, 175 p.
Keywords in English: malware, information hiding, StegBlocks, covert channels
DOI: 10.1109/ICFSP.2018.8552057
URL: https://ieeexplore.ieee.org/document/8552057
Language: en (English)
File: 2018 Bieniasz Szczypiorski Application of Perfectly Undetectable.pdf (128.62 KB)
Score (nominal): 0
Score: Ministerial score = 0.0, 03-12-2018, BookChapterMatConf
Ministerial score (2013-2016) = 0.0, 03-12-2018, BookChapterMatConf
Citation count*

* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.