CNR Institutional Research Information System

Steganographic techniques and especially covert channels are becoming prime mechanisms exploited by a wide-range of malware to avoid detection and to bypass network security tools. With the ubiquitous diffusion of IoT nodes, such offensive schemes are expected to be used to exfiltrate data or to covertly orchestrate botnets composed of resource-constrained nodes (e.g., as it happens in Mirai). Therefore, in this paper, we present a machine learning technique for the detection of network covert channels target- ing the TTL field of IPv4 datagrams. Specifically, we propose to use Autoencoders to reveal anomalous traffic behaviors. The experimental evaluation performed over realistic traffic traces showcases the effectiveness of our approach.

Detection of Network Covert Channels in IoT Ecosystems Using Machine Learning

Massimo Guarascio;Marco Zuppelli;Nunziato Cassavia;Giuseppe Manco;Luca Caviglione

2022

Abstract

Steganographic techniques and especially covert channels are becoming prime mechanisms exploited by a wide-range of malware to avoid detection and to bypass network security tools. With the ubiquitous diffusion of IoT nodes, such offensive schemes are expected to be used to exfiltrate data or to covertly orchestrate botnets composed of resource-constrained nodes (e.g., as it happens in Mirai). Therefore, in this paper, we present a machine learning technique for the detection of network covert channels target- ing the TTL field of IPv4 datagrams. Specifically, we propose to use Autoencoders to reveal anomalous traffic behaviors. The experimental evaluation performed over realistic traffic traces showcases the effectiveness of our approach.

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno
	
				2022
			
	Strutture organizzative
	
				Istituto di Calcolo e Reti ad Alte Prestazioni - ICAR
Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI -
			
	Parole chiave
	
				Information Hiding
Covert Channels
Cybersecurity
IoT
Machine Learning
AI
Autoencoders
			
	Appare nelle tipologie:
	
				04.01 Contributo in Atti di convegno

File in questo prodotto:

File	Dimensione	Formato
prod_467725-doc_184450.pdf solo utenti autorizzati Descrizione: Detection of Network Covert Channels in IoT Ecosystems Using Machine Learning Tipologia: Documento in Pre-print Licenza: Nessuna licenza dichiarata (non attribuibile a prodotti successivi al 2023) Dimensione 2.33 MB Formato Adobe PDF Visualizza/Apri Richiedi una copia	2.33 MB	Adobe PDF	Visualizza/Apri Richiedi una copia
prod_467725-doc_192542.pdf solo utenti autorizzati Descrizione: Detection of Network Covert Channels in IoT Ecosystems Using Machine Learning Tipologia: Documento in Pre-print Licenza: Nessuna licenza dichiarata (non attribuibile a prodotti successivi al 2023) Dimensione 2.88 MB Formato Adobe PDF Visualizza/Apri Richiedi una copia	2.88 MB	Adobe PDF	Visualizza/Apri Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/441483

Citazioni

ND

ND

ND

social impact