xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs
In this paper we show how attackers can covertly leak data (e.g., encryption
keys, passwords and files) from highly secure or air-gapped networks via the
row of status LEDs that exists in networking equipment such as LAN switches and
routers. Although it is known that some network equipment emanates optical
signals correlated with the information being processed by the device
('side-channel'), intentionally controlling the status LEDs to carry any type
of data ('covert-channel') has never been studied before. Malicious code is
executed on the LAN switch or router, allowing full control of the status LEDs.
Sensitive data can be encoded and modulated over the blinking of the LEDs. The
generated signals can then be recorded by various types of remote cameras and
optical sensors. We provide the technical background on the internal
architecture of switches and routers (at both the hardware and software level)
which enables this type of attack. We also present amplitude and frequency
based modulation and encoding schemes, along with a simple transmission
protocol. We implement a prototype of an exfiltration malware and discuss its
design and implementation. We evaluate this method with a few routers and
different types of LEDs. In addition, we tested various receivers including
remote cameras, security cameras, smartphone cameras, and optical sensors, and
also discuss different detection and prevention countermeasures. Our experiment
shows that sensitive data can be covertly leaked via the status LEDs of
switches and routers at bit rates of 10 bit/sec to more than 1 Kbit/sec per
LED.
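The modulation and framing side of an LED covert channel, as an added example (this is not the paper's malware or its protocol): on-off keying of one status LED, with a sync preamble, a length byte and a CRC32 so the camera-side receiver can find the burst and verify it. The preamble, the oversampling factor, the brightness levels and the bit rates are assumptions; the capture is constructed with synthetic noise, and the receiver assumes it already knows where each bit slot begins (a real receiver also has to recover that timing from the video).

```python
"""
Simulated LED covert channel: on-off keying (OOK) of a status LED with a
preamble, length byte and CRC32. Added example, not the paper's code;
all constants are hypothetical and the camera capture is constructed.
"""
import random
import struct
import zlib

PREAMBLE = [1, 0, 1, 0, 1, 0, 1, 1]  # hypothetical sync pattern
SAMPLES_PER_BIT = 4                   # receiver oversampling per bit slot (hypothetical)
ON, OFF = 0.9, 0.1                    # LED brightness seen by the camera (hypothetical)


def bytes_to_bits(data: bytes) -> list:
    """MSB-first bit list."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def bits_to_bytes(bits: list) -> bytes:
    """Inverse of bytes_to_bits; a trailing partial byte is dropped."""
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, whole, 8))


def build_frame(payload: bytes) -> list:
    """Frame layout: PREAMBLE | length (1 byte) | payload | CRC32 (4 bytes)."""
    if len(payload) > 255:
        raise ValueError("payload too long for a single frame")
    body = bytes([len(payload)]) + payload + struct.pack(">I", zlib.crc32(payload))
    return PREAMBLE + bytes_to_bits(body)


def modulate(bits: list) -> list:
    """OOK: hold the LED on (1) or off (0) for SAMPLES_PER_BIT samples per bit."""
    return [ON if b else OFF for b in bits for _ in range(SAMPLES_PER_BIT)]


def simulate_capture(bits: list, idle_bits: int = 3, seed: int = 1) -> list:
    """Constructed camera capture: dark idle frames around the burst plus brightness noise."""
    rng = random.Random(seed)
    idle = [OFF] * (idle_bits * SAMPLES_PER_BIT)
    return [s + rng.uniform(-0.2, 0.2) for s in idle + modulate(bits) + idle]


def demodulate(samples: list, threshold: float = 0.5) -> list:
    """Hard decision at the centre of each bit slot (slot boundaries assumed known)."""
    return [1 if samples[i + SAMPLES_PER_BIT // 2] > threshold else 0
            for i in range(0, len(samples) - SAMPLES_PER_BIT + 1, SAMPLES_PER_BIT)]


def parse_frame(bits: list):
    """Scan for the preamble; return the first payload whose CRC verifies, else None."""
    n = len(PREAMBLE)
    for start in range(len(bits) - n + 1):
        if bits[start:start + n] != PREAMBLE:
            continue
        pos = start + n
        if pos + 8 > len(bits):
            break
        length = int("".join(map(str, bits[pos:pos + 8])), 2)
        need = 8 * (1 + length + 4)
        if pos + need > len(bits):
            continue  # truncated burst or a false preamble match inside data
        body = bits_to_bytes(bits[pos:pos + need])
        payload = body[1:1 + length]
        (crc,) = struct.unpack(">I", body[1 + length:])
        if zlib.crc32(payload) == crc:
            return payload
    return None


def airtime_seconds(payload_len: int, bit_rate: float) -> float:
    """Seconds one frame keeps the LED busy at a given bit rate, overhead included."""
    return len(build_frame(bytes(payload_len))) / bit_rate


if __name__ == "__main__":
    secret = b"key=0xdeadbeef"  # constructed sample secret
    captured = simulate_capture(build_frame(secret))
    print(parse_frame(demodulate(captured)))
    print(round(airtime_seconds(16, 10), 1), "s per 16-byte frame at 10 bit/s")
```

The airtime figure is the practical check: at the 10 bit/s end of the quoted range a 16-byte frame occupies the LED for about 18 seconds, which is why a camera that records the device for minutes at a time is enough, and why a defender who can see the LEDs at all (or who can sample their brightness) has a detection opportunity before the channel becomes fast.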
Micro protocol engineering for unstructured carriers: On the embedding of steganographic control protocols into audio transmissions
Network steganography conceals the transfer of sensitive information within
unobtrusive data in computer networks. So-called micro protocols are
communication protocols placed within the payload of a network steganographic
transfer. They enrich this transfer with features such as reliability, dynamic
overlay routing, or performance optimization --- just to mention a few. We
present different design approaches for the embedding of hidden channels with
micro protocols in digitized audio signals under consideration of different
requirements. On the basis of experimental results, our design approaches are
compared, and introduced into a protocol engineering approach for micro
protocols.
Comment: 20 pages, 7 figures, 4 tables
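One concrete shape a micro protocol can take inside an audio carrier, as an added example (not the paper's design): a small PDU with flags, a sequence number and a length field, written into the least significant bit of consecutive 16-bit PCM samples, then read back by a receiver that only needs to know the start offset. The header layout, the flag meanings and the sine-wave carrier are all constructed for the example; the SNR check shows why LSB embedding stays inaudible while still being detectable to anyone who looks at LSB statistics.

```python
"""
Micro-protocol PDU (flags | seq | length | payload) embedded in the LSBs of
16-bit PCM samples and recovered. Added example, not the paper's scheme;
the header layout and the carrier are hypothetical/constructed.
"""
import math
import struct

HEADER = struct.Struct(">BBH")  # flags (1 byte), sequence number (1 byte), payload length (2 bytes)
FLAG_RELIABLE = 0x01             # hypothetical: receiver should acknowledge this PDU
FLAG_LAST = 0x02                 # hypothetical: final PDU of a message


def make_pdu(seq: int, payload: bytes, flags: int = 0) -> bytes:
    return HEADER.pack(flags & 0xFF, seq & 0xFF, len(payload)) + payload


def parse_pdu(data: bytes) -> dict:
    flags, seq, length = HEADER.unpack_from(data)
    payload = data[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated PDU")
    return {"flags": flags, "seq": seq, "payload": payload}


def to_bits(data: bytes) -> list:
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, whole, 8))


def embed(samples: list, data: bytes, offset: int = 0) -> list:
    """Write one data bit into the LSB of each sample, starting at `offset`."""
    bits = to_bits(data)
    if offset + len(bits) > len(samples):
        raise ValueError("carrier too short for payload")
    out = list(samples)
    for i, bit in enumerate(bits):
        out[offset + i] = (out[offset + i] & ~1) | bit  # works for negative PCM values too
    return out


def extract(samples: list, offset: int, nbytes: int) -> bytes:
    return from_bits([s & 1 for s in samples[offset:offset + 8 * nbytes]])


def embed_pdu(samples: list, seq: int, payload: bytes, flags: int = 0, offset: int = 0) -> list:
    return embed(samples, make_pdu(seq, payload, flags), offset)


def extract_pdu(samples: list, offset: int = 0) -> dict:
    """Receiver reads the fixed-size header first, then exactly `length` payload bytes."""
    _, _, length = HEADER.unpack(extract(samples, offset, HEADER.size))
    return parse_pdu(extract(samples, offset, HEADER.size + length))


def snr_db(original: list, stego: list) -> float:
    """Signal-to-noise ratio of the carrier against the embedding distortion."""
    signal = sum(x * x for x in original)
    noise = sum((x - y) ** 2 for x, y in zip(original, stego))
    return math.inf if noise == 0 else 10 * math.log10(signal / noise)


def sine_carrier(n: int = 4000, freq: float = 440.0, rate: int = 8000, amp: int = 12000) -> list:
    """Constructed 16-bit PCM carrier (a pure tone) standing in for a real audio stream."""
    return [int(amp * math.sin(2 * math.pi * freq * i / rate)) for i in range(n)]


if __name__ == "__main__":
    carrier = sine_carrier()
    stego = embed_pdu(carrier, 7, b"hello micro protocol", FLAG_RELIABLE | FLAG_LAST, offset=100)
    print(extract_pdu(stego, offset=100))
    print(round(snr_db(carrier, stego), 1), "dB")
```

The offset is the only shared secret here; in a real design the micro protocol would also carry its own synchronisation and error handling, which is exactly the "reliability, dynamic overlay routing, or performance optimization" layer the abstract refers to.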
DNA Steganalysis Using Deep Recurrent Neural Networks
Recent advances in next-generation sequencing technologies have facilitated
the use of deoxyribonucleic acid (DNA) as a novel covert channel in
steganography. There are various methods that exist in other domains to detect
hidden messages in conventional covert channels. However, they have not been
applied to DNA steganography. The current most common detection approaches,
namely frequency analysis-based methods, often overlook important signals when
directly applied to DNA steganography because those methods depend on the
distribution of the number of sequence characters. To address this limitation,
we propose a general sequence learning-based DNA steganalysis framework. The
proposed approach learns the intrinsic distribution of coding and non-coding
sequences and detects hidden messages by exploiting distribution variations
after hiding these messages. Using deep recurrent neural networks (RNNs), our
framework identifies the distribution variations by using the classification
score to predict whether a sequence is a coding or non-coding sequence.
We compare our proposed method to various existing methods and biological
sequence analysis methods implemented on top of our framework. According to our
experimental results, our approach delivers a robust detection performance
compared to other tools.
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.
Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in report.
Detecting Selected Network Covert Channels Using Machine Learning
Network covert channels break a computer's security policy to establish a stealthy communication. They are a threat that is increasingly used by malicious software. Most previous studies on detecting network covert channels using Machine Learning (ML) were tested with a dataset that was created using one single covert channel tool and are also ineffective at classifying covert channels into patterns. In this paper, selected ML methods are applied to detect popular network covert channels. The capacity of detecting and classifying covert channels with high precision is demonstrated. A dataset was created from nine standard covert channel tools and the covert channels are then accordingly classified into patterns and labelled. Half of the generated dataset is used to train three different ML algorithms. The remaining half is used to verify the algorithms' performance. The tested ML algorithms are Support Vector Machines (SVM), k-Nearest Neighbors (k-NN) and Deep Neural Networks (DNN). The k-NN model demonstrated the highest precision rate, at 98% detection of a given covert channel, with a low false positive rate of 1%.
Covert Channels Within IRC
The exploration of advanced information hiding techniques is important to understand and defend against illicit data extractions over networks. Many techniques have been developed to covertly transmit data over networks, each differing in their capabilities, methods, and levels of complexity. This research introduces a new class of information hiding techniques for use over Internet Relay Chat (IRC), called the Variable Advanced Network IRC Stealth Handler (VANISH) system. Three methods for concealing information are developed under this framework to suit the needs of an attacker. These methods are referred to as the Throughput, Stealth, and Baseline scenarios. Each is designed for a specific purpose: to maximize channel capacity, minimize shape-based detectability, or provide a baseline for comparison using established techniques applied to IRC. The effectiveness of these scenarios is empirically tested using public IRC servers in Chicago, Illinois and Amsterdam, Netherlands. The Throughput method exfiltrates covert data at nearly 800 bits per second (bps) compared to 18 bps with the Baseline method and 0.13 bps for the Stealth method. The Stealth method uses Reed-Solomon forward error correction to reduce bit errors from 3.1% to nearly 0% with minimal additional overhead. The Stealth method also successfully evades shape-based detection tests but is vulnerable to regularity-based tests.
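The regularity-based test that the Stealth method is reported to fail, as an added example on the detection side (not the VANISH code, and not the specific test the thesis ran): the regularity metric as I recall it from Cabuk, Brodley and Shields (2004) splits a trace of inter-packet delays into windows, takes each window's standard deviation, and scores how much those deviations differ from one window to another. A sender that keeps drawing delays from the same small timing alphabet produces near-identical window variances (a low score), while organic traffic shifts character between windows (a high score). A shape-based test looks at the marginal distribution of delays and would miss a channel whose delays mimic a legitimate histogram; the regularity test catches the sameness over time instead. Both traces below are constructed, and the window size and the 0.2 threshold are assumptions to be tuned per protocol.

```python
"""
Regularity test for covert timing channels on inter-packet delays (IPDs), after the
metric of Cabuk, Brodley and Shields (2004) as recalled here. Added example with
constructed traces; not the VANISH code. Window size and threshold are assumptions.
"""
import random
import statistics


def regularity(ipds: list, window: int = 50) -> float:
    """Std. dev. of pairwise relative differences between per-window IPD std. devs."""
    sigmas = [statistics.pstdev(ipds[i:i + window])
              for i in range(0, len(ipds) - window + 1, window)]
    rel = [abs(si - sj) / si
           for i, si in enumerate(sigmas) for sj in sigmas[i + 1:] if si > 0]
    return statistics.pstdev(rel) if len(rel) > 1 else 0.0


def looks_like_timing_channel(ipds: list, window: int = 50, threshold: float = 0.2) -> bool:
    """Low regularity score = window variances barely change = suspicious."""
    return regularity(ipds, window) < threshold


def covert_trace(bits: list, zero: float = 0.25, one: float = 0.75,
                 jitter: float = 0.01, seed: int = 3) -> list:
    """Constructed: the sender encodes each bit as a short or a long delay, with slight jitter."""
    rng = random.Random(seed)
    return [(one if b else zero) + rng.uniform(-jitter, jitter) for b in bits]


def organic_trace(n_windows: int = 10, window: int = 50, seed: int = 4) -> list:
    """Constructed: bursty traffic whose mean rate shifts from window to window."""
    rng = random.Random(seed)
    means = [0.01, 0.5, 0.05, 2.0, 0.2]  # seconds; hypothetical rate changes
    trace = []
    for w in range(n_windows):
        mean = means[w % len(means)]
        trace += [rng.expovariate(1.0 / mean) for _ in range(window)]
    return trace


def random_bits(n: int, seed: int = 5) -> list:
    """Constructed secret: n random bits, standing in for an exfiltrated file."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]


if __name__ == "__main__":
    covert = covert_trace(random_bits(500))
    organic = organic_trace()
    print("covert  regularity:", round(regularity(covert), 3), looks_like_timing_channel(covert))
    print("organic regularity:", round(regularity(organic), 3), looks_like_timing_channel(organic))
```

The weakness the abstract points to is visible in the metric itself: adding more jitter or padding with dummy packets raises the per-window variance spread and defeats this particular test, at the cost of the channel's already low 0.13 bps capacity.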
A Deep Learning Based Approach To Detect Covert Channels Attacks and Anomaly In New Generation Internet Protocol IPv6
The increased dependence on internet-based technologies in all facets of life
challenges the government and policymakers with the need for an effective shield mechanism
against passive and active violations. Following up with the Qatar national vision 2030
activities and its goals for “Achieving Security, stability and maintaining public safety”
objectives, the present paper aims to propose a model for safeguarding the information and
monitor internet communications effectively. The current study utilizes a deep learning
based approach for detecting malicious communications in the network traffic. Considering
the efficiency of deep learning in data analysis and classification, a convolutional neural
network model was proposed. The suggested model is equipped for detecting attacks in
IPv6. The performance of the proposed detection algorithm was validated using a number
of datasets, including a newly created dataset. The performance of the model was evaluated
for covert channel, DDoS attacks detection in IPv6 and for anomaly detection. The
performance assessment produced an accuracy of 100%, 85% and 98% for covert channel
detection, DDoS detection and anomaly detection respectively. The project put forward a
novel approach for detecting suspicious communications in the network traffic.
Principles of Physical Layer Security in Multiuser Wireless Networks: A Survey
This paper provides a comprehensive review of the domain of physical layer
security in multiuser wireless networks. The essential premise of
physical-layer security is to enable the exchange of confidential messages over
a wireless medium in the presence of unauthorized eavesdroppers without relying
on higher-layer encryption. This can be achieved primarily in two ways: without
the need for a secret key by intelligently designing transmit coding
strategies, or by exploiting the wireless communication medium to develop
secret keys over public channels. The survey begins with an overview of the
foundations dating back to the pioneering work of Shannon and Wyner on
information-theoretic security. We then describe the evolution of secure
transmission strategies from point-to-point channels to multiple-antenna
systems, followed by generalizations to multiuser broadcast, multiple-access,
interference, and relay networks. Secret-key generation and establishment
protocols based on physical layer mechanisms are subsequently covered.
Approaches for secrecy based on channel coding design are then examined, along
with a description of inter-disciplinary approaches based on game theory and
stochastic geometry. The associated problem of physical-layer message
authentication is also introduced briefly. The survey concludes with
observations on potential research directions in this area.
Comment: 23 pages, 10 figures, 303 refs. arXiv admin note: text overlap with
arXiv:1303.1609 by other authors. IEEE Communications Surveys and Tutorials,
201