Research on Construction Methods for Network Covert Channels Based on HTTP

2012 ◽  
Vol 220-223 ◽  
pp. 2528-2533
Author(s):  
Ran Zhang ◽  
Yong Gan ◽  
Yi Feng Yin
Keyword(s):  
Network Traffic ◽  
Covert Channel ◽  
Construction Technology ◽  
Traffic Data ◽  
Covert Channels ◽  
Secret Data ◽  
Construction Methods ◽  
Working Principle ◽  
Network Covert Channel

Network covert channel is a steganography technology that uses network traffic data as a carrier to transfer the secret data. This paper analyzes the working principle of network covert channels, and summarizes the commonly used construction technology of network covert channels. Then it analyzes the characteristics of the HTTP header lines and gives some methods of constructing network covert channels with these characteristics. Network covert channels based on the HTTP header lines are simple, flexible, and difficult to be detected and shielded.

scholarly journals A Survey of Key Technologies for Constructing Network Covert Channel

2020 ◽  
Vol 2020 ◽  
pp. 1-20
Author(s):  
Jing Tian ◽  
Gang Xiong ◽  
Zhen Li ◽  
Gaopeng Gou
Keyword(s):  
Communication Technology ◽  
Network Architecture ◽  
The Internet ◽  
Covert Channel ◽  
Free Access ◽  
Transmission Network ◽  
Information Channel ◽  
Covert Channels ◽  
Key Technologies ◽  
Network Covert Channel

In order to protect user privacy or guarantee free access to the Internet, the network covert channel has become a hot research topic. It refers to an information channel in which the messages are covertly transmitted under the network environment. In recent years, many new construction schemes of network covert channels are proposed. But at the same time, network covert channel has also received the attention of censors, leading to many attacks. The network covert channel refers to an information channel in which the messages are covertly transmitted under the network environment. Many users exploit the network covert channel to protect privacy or guarantee free access to the Internet. Previous construction schemes of the network covert channel are based on information steganography, which can be divided into CTCs and CSCs. In recent years, there are some covert channels constructed by changing the transmission network architecture. On the other side, some research work promises that the characteristics of emerging network may better fit the construction of the network covert channel. In addition, the covert channel can also be constructed by changing the transmission network architecture. The proxy and anonymity communication technology implement this construction scheme. In this paper, we divide the key technologies for constructing network covert channels into two aspects: communication content level (based on information steganography) and transmission network level (based on proxy and anonymity communication technology). We give an comprehensively summary about covert channels at each level. We also introduce work for the three new types of network covert channels (covert channels based on streaming media, covert channels based on blockchain, and covert channels based on IPv6). In addition, we present the attacks against the network covert channel, including elimination, limitation, and detection. Finally, the challenge and future research trend in this field are discussed.

scholarly journals Covert Channels Detection with Supported Vector Machine and Hyperbolic Hopfield Neural Network

2018 ◽  
Vol 7 (2.4) ◽  
pp. 62
Author(s):  
G Yuvaraj ◽  
Siva Rama Lingham N ◽  
Rajkamal J
Keyword(s):  
Neural Network ◽  
High Speed ◽  
Hopfield Neural Network ◽  
Support Vector ◽  
Covert Channel ◽  
Detection Accuracy ◽  
Data Loss ◽  
Covert Channels ◽  
Effective Manner ◽  
Network Covert Channel

A mechanism that is intended to expose information against a security violation in a network is the use of network covert channel and it is difficult to detect information about data loss like location of loss using network covert channel. To identify the covert channel were the data pattern missing over the sharing of resources in networks. Several mechanisms are used to identify a large variation of covert channels. However, those mechanisms have more limitation like speed of detection, detection accuracy etc. In this paper, a new machine learning approaches called “Support Vector Machine and Hyperbolic Hopfield Neural Network” to overcome the drawbacks of existing methods. This approach is supported to classifying the different covert channels with data packets which is shared in networks and its supports to identifying the location of data loss or data pattern mismatched. Finally, the proposed methods properly detected covert channels with high accuracy and less detection high speed shared a network resources in effective manner.  

scholarly journals Reducing Network Traffic Data Sets

2007 ◽  
Author(s):  
A. Botta ◽  
A. Dainotti ◽  
A. Pescape ◽  
G. Ventre
Keyword(s):  
Network Traffic ◽  
Data Sets ◽  
Traffic Data

scholarly journals Addressing Covert Channel Attacks in RFID-Enabled Supply Chains

2013 ◽  
pp. 176-190
Author(s):  
Kirti Chawla ◽  
Gabriel Robins
Keyword(s):  
Supply Chain ◽  
Supply Chains ◽  
Network Flow ◽  
Economic Effects ◽  
Future Research ◽  
Covert Channel ◽  
Covert Channels ◽  
Node Selection ◽  
Future Research Directions ◽  
Key Nodes

RFID technology can help competitive organizations optimize their supply chains. However, it may also enable adversaries to exploit covert channels to surreptitiously spy on their competitors. We explain how tracking tags and compromising readers can create covert channels in supply chains and cause detrimental economic effects. To mitigate such attacks, the authors propose a framework that enables an organization to monitor its supply chain. The supply chain is modeled as a network flow graph, where tag flow is verified at selected key nodes, and covert channels are actively sought. While optimal taint checkpoint node selection is algorithmically intractable, the authors propose node selection and flow verification heuristics with various tradeoffs. The chapter discusses economically viable countermeasures against supply chain-based covert channels, and suggests future research directions.

Big network traffic data visualization

2018 ◽  
Vol 77 (9) ◽  
pp. 11459-11487 ◽  
Author(s):  
Zichan Ruan ◽  
Yuantian Miao ◽  
Lei Pan ◽  
Yang Xiang ◽  
Jun Zhang
Keyword(s):  
Data Visualization ◽  
Network Traffic ◽  
Traffic Data

scholarly journals Ordinal synchronization mark sequence and its steganography for a multi-link network covert channel

PLoS ONE ◽  
2021 ◽  
Vol 16 (6) ◽  
pp. e0252813
Author(s):  
Songyin Fu ◽  
Rangding Wang ◽  
Li Dong ◽  
Diqun Yan
Keyword(s):  
Hash Function ◽  
High Capacity ◽  
Superior Performance ◽  
Covert Channel ◽  
Correlation Test ◽  
Switching Patterns ◽  
Finite Set ◽  
Set Up ◽  
Network Covert Channel ◽  
Real Traffic

A multi-link network covert channel (MLCC) such as Cloak exhibits a high capacity and robustness and can achieve lossless modulation of the protocol data units. However, the mechanism of Cloak involving an arrangement of packets over the links (APL) is limited by its passive synchronization schemes, which results in intermittent obstructions in transmitting APL packets and anomalous link switching patterns. In this work, we propose a novel ordinal synchronization mark sequence (OSMS) for a Cloak framework based MLCC to ensure that the marked APL packets are orderly distinguishable. Specifically, a unidirectional function is used to generate the OSMS randomly before realizing covert modulation. Subsequently, we formulate the generation relation of the marks according to their order and embed each mark into the APL packets by using a one-way hash function such that the mark cannot be cracked during the transmission of the APL packet. Finally, we set up a retrieval function of the finite set at the covert receiver to extract the marks and determine their orders, and the APL packets are reorganized to realize covert demodulation. The results of experiments performed on real traffic indicated that the MLCC embedded with OSMS could avoid the passive synchronization schemes and exhibited superior performance in terms of reliability, throughput, and undetectability compared with the renowned Cloak method, especially under a malicious network interference scenario. Furthermore, our approach could effectively resist the inter-link correlation test, which are highly effective in testing the Cloak framework.

Sign in / Sign up

Export Citation Format

Share Document