Design of Transport Layer Based Hybrid Covert Channel Detection Engine
Computer networks are unpredictable environments because of information warfare and are prone to a variety of attacks. Such attacks compromise the network's most important attribute, privacy. Many of them are built on a special communication channel called a "covert channel", where "covert" means hidden or non-transparent. A network covert channel is a concealed communication path embedded in legitimate network communication that violates the security policy in force. The non-transparency of a covert channel is also referred to as a trapdoor: an unintended feature of a legitimate communication whose purpose is to leak information. A subliminal channel, a variant of the covert channel, works the same way except that the trapdoor is placed inside a cryptographic algorithm. The composition of a covert channel with a subliminal channel is a "hybrid covert channel": a homogeneous or heterogeneous mixture of two or more covert channel variants, active either at the same time or at different points in time. Detecting such channel activity is essential to removing the threat to the legitimate network. In this paper we present a study of multi-trapdoor covert channels and introduce the design of a new detection engine for hybrid covert channels at the transport layer, illustrated with TCP and SSL.
Comment: 8 pages, 4 figures, Journa
Detecting network traffic anomalies to neutralize covert information channels in network protocols
This work investigates methods for detecting and neutralizing known covert channels in network protocols. Off-the-shelf tools for countering covert channels were tested against a DNS tunnel. A custom method for detecting covert information channels in network protocols by detecting anomalies in network traffic was developed and implemented. In the course of the study, tools for monitoring and analysing network traffic, a watcher and a dashboard, were created. The expediency of combining Wireshark and the Elastic Stack to identify a potential covert channel was demonstrated. Preventive measures against covert channels were also considered.
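The abstract above describes detecting a DNS tunnel through traffic anomalies rather than signatures. The following is an added example, not the thesis's watcher or dashboard, showing the per-domain features such a detector typically computes (query volume, ratio of unique names, length and Shannon entropy of the leftmost label, share of TXT/NULL queries) and a simple rule over them. The log format (`epoch client qtype qname`), the sample lines, the thresholds, and the two-label approximation of the registered domain are all assumptions made for the illustration; a real deployment would read exported Wireshark or Elastic records and use the public suffix list.

```python
"""Added example: anomaly scoring of DNS query logs to surface a likely DNS tunnel.

Log format, thresholds and the sample below are constructed for this illustration.
"""
import math
from collections import Counter, defaultdict

# Constructed sample (not real traffic): "<epoch> <client> <qtype> <qname>".
# 10.0.0.9 issues long, high-entropy, never-repeating labels under one domain;
# cdn-example.net also has unique names, but short, low-entropy ones.
SAMPLE_LOG = """\
1700000001 10.0.0.5 A www.example.com
1700000002 10.0.0.5 AAAA www.example.com
1700000003 10.0.0.5 A api.example.com
1700000004 10.0.0.7 A static.example.com
1700000005 10.0.0.7 A img1.cdn-example.net
1700000006 10.0.0.7 A img2.cdn-example.net
1700000007 10.0.0.7 A img3.cdn-example.net
1700000008 10.0.0.7 A img4.cdn-example.net
1700000009 10.0.0.7 A img5.cdn-example.net
1700000010 10.0.0.7 A img6.cdn-example.net
1700000011 10.0.0.9 TXT 7f3a9c1e4b2d8f60a1c3e5b7.t.example-tunnel.test
1700000012 10.0.0.9 TXT 0c4e8a2f6b1d95372e0c4a8f.t.example-tunnel.test
1700000013 10.0.0.9 TXT b5d1f9372a6c0e48b5d1f937.t.example-tunnel.test
1700000014 10.0.0.9 A 3e7a1c5f9b2d6048a3e7c1f5.t.example-tunnel.test
1700000015 10.0.0.9 TXT 8d2b6f0a4e1c9537d8b2f6a0.t.example-tunnel.test
1700000016 10.0.0.9 TXT 1f5b9d3708c4e2a6f15b9d37.t.example-tunnel.test
1700000017 10.0.0.9 TXT 6a0e4c8f2b1d9537a6e0c4f8.t.example-tunnel.test
1700000018 10.0.0.9 TXT c2e6a04f8bd13957c2e6a04f.t.example-tunnel.test
"""


def shannon_entropy(text):
    """Bits per character; encoded payloads score far higher than hostnames."""
    n = len(text)
    if not n:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def parse_log(text):
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname = line.split()
        yield {"ts": int(ts), "client": client, "qtype": qtype.upper(),
               "qname": qname.lower().rstrip(".")}


def profile_domains(records):
    """Per registered domain: volume, uniqueness, leftmost-label length/entropy,
    and the share of record types that carry large answers (TXT, NULL)."""
    groups = defaultdict(list)
    for r in records:
        labels = r["qname"].split(".")
        # Assumption: registered domain = last two labels (no public suffix list here).
        groups[".".join(labels[-2:])].append(r)
    profiles = {}
    for domain, rs in groups.items():
        first = [r["qname"].split(".")[0] for r in rs]
        profiles[domain] = {
            "queries": len(rs),
            "unique_ratio": len({r["qname"] for r in rs}) / len(rs),
            "mean_label_len": sum(map(len, first)) / len(first),
            "mean_entropy": sum(map(shannon_entropy, first)) / len(first),
            "txt_ratio": sum(r["qtype"] in ("TXT", "NULL") for r in rs) / len(rs),
        }
    return profiles


def flag_tunnels(profiles, min_queries=5, min_unique=0.8, min_len=16, min_entropy=3.0):
    """A domain is suspect only when volume, uniqueness, length and entropy all
    exceed their thresholds; any one of them alone is common in benign traffic."""
    return sorted(d for d, p in profiles.items()
                  if p["queries"] >= min_queries
                  and p["unique_ratio"] >= min_unique
                  and p["mean_label_len"] >= min_len
                  and p["mean_entropy"] >= min_entropy)


if __name__ == "__main__":
    profiles = profile_domains(parse_log(SAMPLE_LOG))
    for domain, p in profiles.items():
        print("%-22s %s" % (domain, {k: round(v, 2) for k, v in p.items()}))
    print("suspected tunnels:", flag_tunnels(profiles))
```

The conjunctive rule is what keeps the CDN-style domain out of the result: its names never repeat either, but they are short and low-entropy. In a watcher/dashboard setup the same five features would be computed per time window and per client so that a slow tunnel, which keeps the per-window volume under `min_queries`, still accumulates a high unique ratio over time.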