pcapStego: A Tool for Generating Traffic Traces for Experimenting with Network Covert Channels

M Zuppelli; L Caviglione
2021

Abstract

The increasing diffusion of malware endowed with steganographic and cloaking capabilities requires tools and techniques for conducting research activities, testing real deployments and elaborating mitigation mechanisms. To investigate attacks targeting network and appliances, a core requirement concerns the availability of suitable traffic traces, which can be used to derive mathematical models for simulation or to develop machine-learning-based countermeasures. Unfortunately, the young nature of threats injecting secrets or cloaking their presence within network traffic, the highly protocol-dependent nature of the various embedding processes, and privacy issues prevent the vast diffusion of datasets to perform research. Therefore, in this paper we present pcapStego, a tool for creating network covert channels within .pcap files. This approach has two major advantages: it allows preparing large datasets starting from real network traces, and it generates "replayable" conversations useful for both emulating attacks and conducting pentesting campaigns. To prove the effectiveness of the tool, we showcase the generation of network covert channels targeting IPv6 traffic, which is gaining momentum and is expected to be a major target for future attacks.
2021
Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI -
English
3rd International Workshop on Information Security Methodology and Replication Studies, jointly with the 16th International Conference on Availability, Reliability and Security (ARES 2021)
https://dl.acm.org/doi/abs/10.1145/3465481.3470067
Yes, but type not specified
17-20/08/2021
All-digital (due to the COVID-19 pandemic)
covert channels
information hiding
cybersecurity
traffic generation
2
restricted
Zuppelli, M; Caviglione, L
273
info:eu-repo/semantics/conferenceObject
04 Conference contribution::04.01 Contribution in conference proceedings
   Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware
   SIMARGL
   H2020
   833042
Files in this record:
prod_454732-doc_175406.pdf

authorized users only

Description: pcapStego: A Tool for Generating Traffic Traces for Experimenting with Network Covert Channels
Type: Publisher's version (PDF)
Size: 772.92 kB
Format: Adobe PDF
prod_454732-doc_176565.pdf

authorized users only

Description: pcapStego: A Tool for Generating Traffic Traces for Experimenting with Network Covert Channels - Published Version
Type: Publisher's version (PDF)
Size: 778.36 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/396902