Are We Protected Against Network Covert Channels?

Marco Zuppelli
2022

Abstract

Information-hiding-based techniques like covert channels are increasingly used by attackers to conceal malware in different carriers, such as images or inter-process communication services. These techniques make it possible, for example, to secretly exfiltrate information, elude well-known detection mechanisms, or remotely activate a backdoor. Network traffic features are appealing to attackers, as they offer a wide range of possibilities. The adoption of network covert channels often leads to security problems: in fact, several out-of-the-box Intrusion Detection Systems or firewalls do not consider them a major threat. Being able to spot covert channels is mandatory to fully assess the security capabilities of a network infrastructure. In this poster, we will answer the question of whether we are really protected from the threat of network covert channels by assessing the detection capabilities of the most popular open-source security mechanisms, i.e., Snort, Zeek and Suricata.
Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI -
Network Covert Channels
Network Security
Intrusion Detection Systems
Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/461037