Pattern Collection

The following list represents the latest pattern collection, which was published in [1] and improved by [2] and [3]. Each pattern comprises a number (pattern ID), the authors and publication reference where the pattern was first published*, a brief illustration of the pattern's use, a context (where the pattern can be found in the hierarchy of patterns) and a link to publications which provide evidence for the existence of the pattern.

* Please note that the author of a pattern is not necessarily the inventor of a particular hiding technique. Instead, he/she is the one who recognized the pattern within different hiding techniques. The authors of the particular hiding techniques are listed in the 'Evidence' attribute of each pattern.

Hierarchy of Hiding Patterns (from [3], as an extension of [1] and [2]).


Protocol-agnostic Covert Timing Channel Patterns:
PT1. Inter-packet Times
PT2. Message Timing
PT3. Rate/Throughput

Protocol-aware Covert Timing Channel Patterns:
PT10. Artificial Loss
PT11. Message (PDU) Order
PT12. Retransmission
PT13. Frame Collisions
PT14. Temperature

Structure Modifying Covert Storage Channel Patterns:
PS1. Size Modulation
PS2. Sequence, incl. sub-patterns
PS3. Add Redundancy


Structure Preserving Covert Storage Channel Patterns:
PS10. Random Value
PS11. Value Modulation, incl. sub-patterns
PS12. Reserved/Unused

User-data Agnostic Covert Storage Channel Patterns:
PS20. Payload Field Size Modulation (derived from PS1)
PS21. User-data Corruption

User-data Aware Covert Storage Channel Patterns:
PS30. Modify Redundancy
PS31. User-data Value Modulation and Reserved/Unused




Implementation: Most of these patterns, excluding the payload-specific patterns, can be created with the CCEAP tool.



References:
[1] S. Wendzel, S. Zander, B. Fechner, C. Herdin: Pattern-based Survey and Categorization of Network Covert Channel Techniques, ACM Computing Surveys, Vol. 47, Issue 3, pp. 50:1-26, ACM, 2015.
An early version of the article is available here: download.

[2] W. Mazurczyk, S. Wendzel, S. Zander, A. Houmansadr, K. Szczypiorski: Information Hiding in Communication Networks, Wiley, 2016. Chapters 3 and 8 contain discussions on hiding patterns, basically on the basis of [1] but with an extension of timing-based patterns.

[3] W. Mazurczyk, S. Wendzel, K. Cabaj: Towards Deriving Insights into Data Hiding Methods Using Pattern-based Approach, in Proc. Second International Workshop on Criminal Use of Information Hiding (CUING 2018) at ARES, pp. 10:1-10:10, ACM, 2018.
