Pattern-Based Survey and Categorization of Network Covert Channel Techniques

被引:157
作者
Wendzel, Steffen [1 ]
Zander, Sebastian [2 ]
Fechner, Bernhard [3 ]
Herdin, Christian [4 ]
机构
[1] Fraunhofer Inst Commun Informat Proc & Ergon FKIE, Wachtberg, Germany
[2] Swinburne Univ Technol, Ctr Adv Internet Architectures, Hawthorn, Vic 3122, Australia
[3] Univ Augsburg, Inst Informat, Dept Syst & Networking, D-86135 Augsburg, Bavaria, Germany
[4] Univ Rostock, Dept Comp Sci, D-18051 Rostock, Mecklenburg Wes, Germany
关键词
Security; Covert channels; information hiding; taxonomy; patterns; PLML; network security; STEGANOGRAPHY; PROTOCOL;
D O I
10.1145/2684195
中图分类号
TP301 [理论、方法];
学科分类号
080201 [机械制造及其自动化];
摘要
Network covert channels are used to hide communication inside network protocols. Various techniques for covert channels have arisen in the past few decades. We surveyed and analyzed 109 techniques developed between 1987 and 2013 and show that these techniques can be reduced to only 11 different patterns. Moreover, the majority (69.7%) of techniques can be categorized into only four different patterns (i.e., most techniques we surveyed are similar). We represent the patterns in a hierarchical catalog using a pattern language. Our pattern catalog will serve as a base for future covert channel novelty evaluation. Furthermore, we apply the concept of pattern variations to network covert channels. With pattern variations, the context of a pattern can change. For example, a channel developed for IPv4 can automatically be adapted to other network protocols. We also propose the pattern-based covert channel optimizations pattern hopping and pattern combination. Finally, we lay the foundation for pattern-based countermeasures: whereas many current countermeasures were developed for specific channels, a pattern-oriented approach allows application of one countermeasure to multiple channels. Hence, future countermeasure development can focus on patterns, and the development of real-world protection against covert channels is greatly simplified.
引用
收藏
页数:26
相关论文
共 87 条
[1]
Ahsan K., 2002, P WORKSH MULT SEC
[2]
Alexander C., 1977, PATTERN LANGUAGE TOW
[3]
[Anonymous], 2005, PROC 3 IEEE INT SECU
[4]
[Anonymous], 2009, PING TUNNEL THOSE TI
[5]
[Anonymous], 2012, SNORT US MAN 2 9 3
[6]
[Anonymous], 2009, DESIGNING INTERFACES
[7]
[Anonymous], P 14 ACM C COMP COMM
[8]
[Anonymous], 2011, TECHNICAL REPORT
[9]
[Anonymous], P 4 C PATT LANG PROG
[10]
[Anonymous], 2010, PROC 14 INT TELECOMM