|
" Hiding in the Noise: Creation and Detection Analysis of Modern Covert Channels "
Smith, Steven
Siraj, Ambareen
| Document Type
|
:
|
Latin Dissertation
|
| Language of Document
|
:
|
English
|
| Record Number
|
:
|
1053615
|
| Doc. No
|
:
|
TL52732
|
| Main Entry
|
:
|
Smith, Steven
|
| Title & Author
|
:
|
Hiding in the Noise: Creation and Detection Analysis of Modern Covert Channels\ Smith, StevenSiraj, Ambareen
|
| College
|
:
|
Tennessee Technological University
|
| Date
|
:
|
2020
|
| Degree
|
:
|
M.S.
|
| student score
|
:
|
2020
|
| Note
|
:
|
76 p.
|
| Abstract
|
:
|
Network covert channels have become a popular tool for both malicious attackers and intelligence agencies. These techniques can be helpful to the forces of good, such as intelligence agencies that utilize them to exfiltrate information from malicious organizations to thwart their plans. They are also used by malicious attackers to compromise security policies, steal sensitive data, or hide botnet communication. Thus, the Cyber Security research community must always seek to stay ahead of bad actors in their understanding of covert channels. Network Covert channel research in the past has focused on two covert channel types - storage and timing-based channels, as well as those that exploit traditional network protocols such as TCP over covert channels that exploit newer protocols and techniques. In this study we consider some of these more modern technologies that can be used for covert channels and how organizations may defend against them. The Constrained Application Protocol is one of these technologies. It is widely used in IoT networks but has been mostly ignored in covert channel research, making networks and devices that utilize it an easy target for attackers to exploit with covert channel techniques. A new technology to gain attention in recent research is distributed covert channels, which make detection more difficult through spreading secret communication out over many hiding techniques, machines, or protocols. Domain Generating Algorithms (DGAs) allow a single server to virtually distribute communication through the use of many different domain names and IP addresses but have yet to be considered for use in distributed covert channel research. In this research, we present two modern covert channel techniques that exploit the CoAP protocol's unverified fields and another that utilizes DGA algorithms to virtually distribute hidden information and produce a timing-based, distributed covert channel that is able to evade traditional timing channel detection algorithms due to its connection-based and distributed nature. In addition, we present effective methods of detection for these channels through the use of feature engineering and machine learning. This research provides security professionals and researchers the upper hand in improving their defenses against these new covert channel threats using cutting edge technology.
|
| Descriptor
|
:
|
Computer science
|
|
|
:
|
Information technology
|
| Added Entry
|
:
|
Siraj, Ambareen
|
| Added Entry
|
:
|
Tennessee Technological University
|
| |