Firewalls and detection systems have been used to prevent and detect attacks through a wide variety of mechanisms. A problem has arisen in that users and applications can circumvent security policies by exploiting particularities of the TCP/IP protocol suite, obfuscating the data payload, tunneling protocols, and covertly simulating a permitted communication. It has been shown that unusual traffic patterns may lead to the discovery of covert channels. Presently, we are not aware of any schemes that address detecting the anomalous traffic patterns that a covert channel can potentially create. In this work, we explore the approach of combining anomaly-based detection with covert channel profiling to detect a very precise subset of covert storage channels in network protocols. We also discuss why this method is more practical and industry-ready than the present research on how to profile and mitigate these types of attacks. Finally, we describe a specialized tool that passively monitors networks for these types of attacks and show how it can be used to build an efficient hybrid covert channel and anomaly-based detection system.
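The abstract describes a two-stage idea, profiling the expected behaviour of a protocol field and then scoring what does not fit the profile, without fixing a field or an encoding. The following added example (not the authors' tool, and not code from the paper) makes that concrete for one storage channel the literature on IP data hiding discusses, the 16-bit IP Identification field. It assumes, as a labelled simplification, that a covert sender places one byte of hidden payload per packet in the low byte of the ID field, and that benign hosts generate IDs either as a per-host counter or as uniformly random values. All packet records, host addresses, thresholds and the hidden message are constructed for the demonstration.

```python
"""Toy hybrid detector: per-host IP ID profiling followed by anomaly scoring.

Added illustration, not the paper's tool. Assumptions (constructed for the
example): benign hosts use either an incrementing ID counter or a uniformly
random 16-bit ID; a covert sender hides one printable byte per packet in the
low byte of the ID field. Thresholds below are illustrative, not tuned.
"""
import math
import random
from collections import defaultdict

PRINTABLE = range(0x20, 0x7F)  # printable ASCII, the assumed hidden alphabet


def byte_entropy(values):
    """Shannon entropy in bits of a list of small integers (e.g. byte values)."""
    counts = defaultdict(int)
    for v in values:
        counts[v] += 1
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def profile_host(ip_ids):
    """Feature vector for one host's sequence of observed IP ID values."""
    deltas = [(b - a) & 0xFFFF for a, b in zip(ip_ids, ip_ids[1:])]
    n = len(ip_ids)
    return {
        "packets": n,
        # share of consecutive IDs that look like a small positive increment
        "sequential_fraction": sum(1 for d in deltas if 0 < d <= 8) / max(len(deltas), 1),
        "high_byte_entropy": byte_entropy([i >> 8 for i in ip_ids]),
        "low_byte_entropy": byte_entropy([i & 0xFF for i in ip_ids]),
        "printable_fraction": sum(1 for i in ip_ids if (i & 0xFF) in PRINTABLE) / n,
    }


def classify(f, min_packets=16):
    """Profile stage first (known-benign ID generators), then anomaly stage."""
    if f["packets"] < min_packets:
        return "insufficient-data"
    if f["sequential_fraction"] >= 0.9:
        return "benign-counter"  # classic per-host incrementing ID generator
    # A random 16-bit generator spreads both bytes. With n samples the entropy
    # of a byte stream tops out near log2(n), so require a good share of that.
    bound = math.log2(f["packets"])
    if f["high_byte_entropy"] >= 0.6 * bound and f["low_byte_entropy"] >= 0.6 * bound:
        return "benign-random"
    # Neither benign profile matched. A near-constant high byte together with
    # an almost entirely printable low byte is the anomaly signature of the
    # assumed one-byte-per-packet hiding scheme.
    if f["high_byte_entropy"] < 1.0 and f["printable_fraction"] >= 0.9:
        return "suspect-storage-channel"
    return "unprofiled-anomaly"


def scan(packets):
    """packets: iterable of (src_ip, ip_id) records. Returns {src_ip: verdict}."""
    per_host = defaultdict(list)
    for src, ip_id in packets:
        per_host[src].append(ip_id)
    return {src: classify(profile_host(ids)) for src, ids in per_host.items()}


def constructed_packets():
    """Constructed sample traffic: two benign ID generators and one covert sender."""
    rng = random.Random(2024)  # fixed seed so the example is reproducible
    pkts = []
    # host A: incrementing ID counter
    pkts += [("10.0.0.5", (4000 + i) & 0xFFFF) for i in range(32)]
    # host B: uniformly random IDs
    pkts += [("10.0.0.6", rng.randrange(0x10000)) for _ in range(32)]
    # host C: one ASCII byte of a hidden message per packet in the low byte
    hidden = b"hybrid covert channel demo 00001"  # constructed payload
    pkts += [("10.0.0.7", byte) for byte in hidden]
    return pkts


if __name__ == "__main__":
    for host, verdict in sorted(scan(constructed_packets()).items()):
        print(f"{host}: {verdict}")
```

The profile stage is deliberately cheap so it can run passively on a mirror port: a host whose IDs match a known generator is dropped from further analysis, and only the residue is scored. The anomaly rule encodes a single assumed hiding scheme; a real deployment would add one rule per profiled channel and tune the thresholds against baseline captures from the monitored network.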