Steganographic techniques and especially covert channels are becoming prime mechanisms exploited by a wide-range of malware to avoid detection and to bypass network security tools. With the ubiquitous diffusion of IoT nodes, such offensive schemes are expected to be used to exfiltrate data or to covertly orchestrate botnets composed of resource-constrained nodes (e.g., as it happens in Mirai). Therefore, in this paper, we present a machine learning technique for the detection of network covert channels target- ing the TTL field of IPv4 datagrams. Specifically, we propose to use Autoencoders to reveal anomalous traffic behaviors. The experimental evaluation performed over realistic traffic traces showcases the effectiveness of our approach.
Detection of Network Covert Channels in IoT Ecosystems Using Machine Learning
Massimo Guarascio;Marco Zuppelli;Nunziato Cassavia;Giuseppe Manco;Luca Caviglione
2022
Abstract
Steganographic techniques and especially covert channels are becoming prime mechanisms exploited by a wide-range of malware to avoid detection and to bypass network security tools. With the ubiquitous diffusion of IoT nodes, such offensive schemes are expected to be used to exfiltrate data or to covertly orchestrate botnets composed of resource-constrained nodes (e.g., as it happens in Mirai). Therefore, in this paper, we present a machine learning technique for the detection of network covert channels target- ing the TTL field of IPv4 datagrams. Specifically, we propose to use Autoencoders to reveal anomalous traffic behaviors. The experimental evaluation performed over realistic traffic traces showcases the effectiveness of our approach.File | Dimensione | Formato | |
---|---|---|---|
prod_467725-doc_184450.pdf
solo utenti autorizzati
Descrizione: Detection of Network Covert Channels in IoT Ecosystems Using Machine Learning
Tipologia:
Documento in Pre-print
Licenza:
Nessuna licenza dichiarata (non attribuibile a prodotti successivi al 2023)
Dimensione
2.33 MB
Formato
Adobe PDF
|
2.33 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
prod_467725-doc_192542.pdf
solo utenti autorizzati
Descrizione: Detection of Network Covert Channels in IoT Ecosystems Using Machine Learning
Tipologia:
Documento in Pre-print
Licenza:
Nessuna licenza dichiarata (non attribuibile a prodotti successivi al 2023)
Dimensione
2.88 MB
Formato
Adobe PDF
|
2.88 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.