Are We Protected Against Network Covert Channels?

Marco Zuppelli
2022

Abstract

Information-hiding-based techniques like covert channels are increasingly used by attackers to conceal malware in different carriers, such as images or inter-process communication services. These techniques make it possible, for example, to secretly exfiltrate information, elude well-known detection mechanisms, or remotely activate a backdoor. Network traffic features are appealing to attackers because they offer a wide range of possibilities. The adoption of network covert channels often leads to security problems: in fact, several out-of-the-box Intrusion Detection Systems or firewalls do not consider them a major threat. Being able to spot covert channels is mandatory to fully assess the security capabilities of a network infrastructure. In this poster, we will answer the question of whether we are really protected from the threat of network covert channels by assessing the detection capabilities of the most popular open-source security mechanisms, i.e., Snort, Zeek and Suricata.
Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI -
Network Covert Channels
Network Security
Intrusion Detection Systems
Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/461037