Thursday, January 3, 2019

New Paper Introduces a Dynamic Warden

Our new paper "Countering adaptive network covert communication with dynamic wardens" introduces a new type of warden to combat sophisticated network covert channels. It also introduces a novel warden taxonomy. The paper just appeared in FGCS Vol. 94:

Wojciech Mazurczyk, Steffen Wendzel, Mehdi Chourib, Jörg Keller: Countering Adaptive Network Covert Communication with Dynamic Wardens, Future Generation Computer Systems (FGCS), Vol. 94, pp. 712-725, Elsevier, 2019.
Impact factor: 4.639 (at time of publication).

Abstract: Network covert channels are hidden communication channels in computer networks. They influence several factors of the cybersecurity economy. For instance, by improving the stealthiness of botnet communications, they aid and preserve the value of darknet botnet sales. Covert channels can also be used to secretly exfiltrate confidential data out of organizations, potentially resulting in loss of market/research advantage. Considering the above, efforts are needed to develop effective countermeasures against such threats. Thus in this paper, based on the introduced novel warden taxonomy, we present and evaluate a new concept of a dynamic warden. Its main novelty lies in the modification of the warden’s behavior over time, making it difficult for the adaptive covert communication parties to infer its strategy and perform a successful hidden data exchange. Obtained experimental results indicate the effectiveness of the proposed approach.

Tuesday, September 11, 2018

The Idea of Countermeasure Variation

We have upcoming work on modifying pattern-specific countermeasures so that they can also detect covert channels that represent other patterns. We call this countermeasure variation. The related papers were to be published in the following months and could be requested via e-mail; they are now available. [updated on Nov-29-2018]

Friday, August 31, 2018

New Paper Featuring an Extension of the Pattern Taxonomy

This week, Steffen Wendzel presented a new paper on hiding patterns at the ARES CUING workshop:

W. Mazurczyk, S. Wendzel, K. Cabaj: Towards Deriving Insights into Data Hiding Methods Using Pattern-based Approach, in Proc. Second International Workshop on Criminal Use of Information Hiding (CUING 2018) at ARES, pp. 10:1-10:10, ACM, 2018.

This paper introduces two things: an extension of the existing pattern taxonomy and a new taxonomy of distributed covert channel techniques.

As this paper updates the existing pattern taxonomy, we updated our online pattern collection accordingly. Please note that some existing patterns have slightly different names (aliases) and identifiers now in order to provide a better numbering system.

Tuesday, June 12, 2018

New Article and Release of CCEAP v.0.6.0

First of all, our new article on recently emerging malware that utilizes information hiding methods was published today by the journal IEEE IT Professional.

Also today, CCEAP v0.6.0 was released. The tool contains some slight improvements over prior releases, and the documentation was improved as well.

Sunday, April 22, 2018

Monday, February 19, 2018

Talk (and Live Stream) on Information Hiding

Steffen Wendzel will give a talk entitled "steganography ante portas" at this year's Hack-in-the-Box (HitB) event in Amsterdam on April 12th. The talk will provide an overview of current developments in Information Hiding and will also introduce the Europol EC3-supported CUING initiative.

You can register for the live stream here (free). Please note that the talk will be based (at least in parts) on our recent CACM paper (open access).