Starten Sie Ihre Suche...


Durch die Nutzung unserer Webseite erklären Sie sich damit einverstanden, dass wir Cookies verwenden. Weitere Informationen

Detection of Covert Channels in TCP Retransmissions

Gruschka, Nils (Hrsg). Proc. 23rd Nordic Conference on Secure IT Systems (NordSec 2018). Cham: Springer International Publishing 2018 S. 203 - 218 (LNCS 11252)

Erscheinungsjahr: 2018

ISBN/ISSN: 9783030036379

Publikationstyp: Buchbeitrag (Konferenzbeitrag)

Sprache: Englisch

Doi/URN: 10.1007/978-3-030-03638-6_13

Volltext über DOI/URN

GeprüftBibliothek

Inhaltszusammenfassung


In this paper we describe the implementation and detection of a network covert channel based on TCP retransmissions. For the detection, we implemented and evaluated two statistical detection measures that were originally designed for inter-arrival time-based covert channels, namely the ϵ-similarity and the compressibility. The ε-similarity originally measures the similarity of two timing distributions. The compressibility indicates the presence of a covert channel by measuring the compression...In this paper we describe the implementation and detection of a network covert channel based on TCP retransmissions. For the detection, we implemented and evaluated two statistical detection measures that were originally designed for inter-arrival time-based covert channels, namely the ϵ-similarity and the compressibility. The ε-similarity originally measures the similarity of two timing distributions. The compressibility indicates the presence of a covert channel by measuring the compression ratio of a textual representation of concatenated inter-arrival times. We modified both approaches so that they can be applied to the detection of retransmission-based covert channels, i.e. we performed a so-called countermeasure variation. Our initial results indicate that the ε-similarity can be considered a promising detection method for retransmission-based covert channels while the compressibility itself provides insufficient results but could potentially be used as a classification feature.» weiterlesen» einklappen

  • Covert channel
  • Steganography
  • Steganographie
  • Information hiding
  • Retransmission
  • TCP
  • Countermeasure variation
  • Network Security
  • IT-Sicherheit
  • Netzwerksicherheit

Klassifikation


DFG Fachgebiet:
Informatik

DDC Sachgruppe:
Informatik

Verknüpfte Personen


Steffen Wendzel