Countering adaptive network covert communication with dynamic wardens
Network covert channels are hidden communication channels in computer networks. They influence several factors of the cybersecurity economy. For instance, by improving the stealthiness of botnet communications, they aid and preserve the value of darknet botnet sales. Covert channels can also be used...
Published in: | Future generation computer systems 2019-05, Vol.94, p.712-725 |
---|---|
Main authors: | , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 725 |
---|---|
container_issue | |
container_start_page | 712 |
container_title | Future generation computer systems |
container_volume | 94 |
creator | Mazurczyk, Wojciech Wendzel, Steffen Chourib, Mehdi Keller, Jörg |
description | Network covert channels are hidden communication channels in computer networks. They influence several factors of the cybersecurity economy. For instance, by improving the stealthiness of botnet communications, they aid and preserve the value of darknet botnet sales. Covert channels can also be used to secretly exfiltrate confidential data out of organizations, potentially resulting in loss of market/research advantage. Considering the above, efforts are needed to develop effective countermeasures against such threats. Thus in this paper, based on the introduced novel warden taxonomy, we present and evaluate a new concept of a dynamic warden. Its main novelty lies in the modification of the warden’s behavior over time, making it difficult for the adaptive covert communication parties to infer its strategy and perform a successful hidden data exchange. Obtained experimental results indicate the effectiveness of the proposed approach.
• Addresses the problem of increasingly sophisticated network covert channels. • Presents a comprehensive taxonomy for wardens (covert channel countermeasures). • Introduces the first warden to counter adaptive network covert channels. • Contains a detailed evaluation of the presented warden’s effectiveness and performance. |
doi_str_mv | 10.1016/j.future.2018.12.047 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 0167-739X |
ispartof | Future generation computer systems, 2019-05, Vol.94, p.712-725 |
issn | 0167-739X 1872-7115 |
language | eng |
recordid | cdi_hal_primary_oai_HAL_hal_02460824v1 |
source | Elsevier ScienceDirect Journals Complete |
subjects | Active warden Computer Science Covert channel Cryptography and Security Data leakage protection Information hiding Network steganography Traffic normalization |
title | Countering adaptive network covert communication with dynamic wardens |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-21T17%3A54%3A27IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-hal_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Countering%20adaptive%20network%20covert%20communication%20with%20dynamic%20wardens&rft.jtitle=Future%20generation%20computer%20systems&rft.au=Mazurczyk,%20Wojciech&rft.date=2019-05&rft.volume=94&rft.spage=712&rft.epage=725&rft.pages=712-725&rft.issn=0167-739X&rft.eissn=1872-7115&rft_id=info:doi/10.1016/j.future.2018.12.047&rft_dat=%3Chal_cross%3Eoai_HAL_hal_02460824v1%3C/hal_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_els_id=S0167739X18316133&rfr_iscdi=true |