Covert Communication Detection (CoCoDe)

Abstract

This project studied covert communication channels, focusing in particular on means of detecting distributed covert networks. Covert communication channels (also known as network steganography) allow a hidden sender and a hidden receiver to exchange secret data. Such channels can be used to conduct command and control of malicious servers, exfiltrate confidential data, or download further malicious code without the user being made aware. Thus, covert channel detection is a very important topic for any large organization with sensitive data, and particularly for the Department of Defense. Hundreds of techniques can be used to create covert channels; some of the most common are to place data into unused fields of network protocol headers, change the size of network packets, manipulate inter-packet timing or order, or alter header elements (e.g., HTTP plaintext header lines). As adversaries grow in capability, more and more complex forms of covert channels will appear, becoming increasingly difficult to detect and increasing in bandwidth. This includes, for example, steganographic botnets, where all communication between bots is realized using some form of data hiding. The most concerning type of information hiding for botnets involves Distributed Network Covert Channels (DNCCs). Over the course of 3.5 years, the 5-member research team (the PI, Co-PI, a PhD student, and two Masters students) used theoretical and experimental approaches to conduct covert channel research focusing on DNCCs. Overall, the research team produced four conference papers and two journal articles. The conference papers were published in the annual Availability, Reliability and Security (ARES) conference, which is sponsored by the Association for Computing Machinery (ACM), in the years 2018, 2019, 2020, and 2021. The ARES conference, and ACM in particular, has a high academic pedigree.

Document Details

Document Type
Technical Report
Publication Date
Mar 19, 2022
Accession Number
AD1165846

Entities

People

  • Krzysztof Cabaj

Organizations

  • Warsaw University of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems
  • Space

DTIC Thesaurus Topics

  • Air Force
  • Artificial Intelligence
  • Communication Channels
  • Communication Systems
  • Computational Science
  • Computer Crime
  • Computer Languages
  • Computer Network Security
  • Computer Networks
  • Cybersecurity
  • Data Mining
  • Data Transmission
  • Information Science
  • Information Systems
  • Machine Learning
  • Network Protocols
  • Network Science
  • Software Defined Networks
  • Supervised Machine Learning
  • Voice Over Internet Protocol

Readers

  • Cybersecurity
  • Radio communications and signal processing
  • Research Science/Academic Research

Technology Areas

  • Fully Networked C3
  • Fully Networked C3 - Command and Control