Steganographic techniques and especially covert channels are becoming prime mechanisms exploited by a wide-range of malware to avoid detection and to bypass network security tools. With the ubiquitous diffusion of IoT nodes, such offensive schemes are expected to be used to exfiltrate data or to covertly orchestrate botnets composed of resource-constrained nodes (e.g., as it happens in Mirai). Therefore, in this paper, we present a machine learning technique for the detection of network covert channels target- ing the TTL field of IPv4 datagrams. Specifically, we propose to use Autoencoders to reveal anomalous traffic behaviors. The experimental evaluation performed over realistic traffic traces showcases the effectiveness of our approach.
Detection of Network Covert Channels in IoT Ecosystems Using Machine Learning
Massimo Guarascio;Marco Zuppelli;Nunziato Cassavia;Giuseppe Manco;Luca Caviglione
2022
Abstract
Steganographic techniques and especially covert channels are becoming prime mechanisms exploited by a wide-range of malware to avoid detection and to bypass network security tools. With the ubiquitous diffusion of IoT nodes, such offensive schemes are expected to be used to exfiltrate data or to covertly orchestrate botnets composed of resource-constrained nodes (e.g., as it happens in Mirai). Therefore, in this paper, we present a machine learning technique for the detection of network covert channels target- ing the TTL field of IPv4 datagrams. Specifically, we propose to use Autoencoders to reveal anomalous traffic behaviors. The experimental evaluation performed over realistic traffic traces showcases the effectiveness of our approach.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.