TY - GEN
T1 - An Approach for Thwarting Malicious Secret Channel
T2 - 14th International Conference on Risks and Security of Internet and Systems, CRiSIS 2019
AU - Saidi, Firas
AU - Trabelsi, Zouheir
AU - Ghézela, Henda Ben
N1 - Publisher Copyright:
© Springer Nature Switzerland AG 2020.
PY - 2020
Y1 - 2020
N2 - The Internet actually constitutes one of the main communication platforms for cybercriminals and terrorists to exchange secret messages and hidden information. The use of clear or non-encrypted network traffic to communicate over the Internet allows steganalysis processes and surveillance agencies to easily identify the presence of secret messages and hidden information, and classify the involved entities as potential cyber criminals or terrorists. However, covert channels can be an efficient and remedial communication solution for cybercriminals and terrorists to exchange secret messages and hidden information. In fact, most covert channels attempt to send clear and non-encrypted messages embedded in the fields of network packets in order to offer robust communication channels against steganalysis. Nevertheless, covert channels are an immense cause of security concern and are classified as a serious threat because they can be used to pass malicious messages. This explains why detection and elimination of covert channels are considered a big issue that faces security systems and needs to be addressed. In this paper, a novel approach for detecting a particular type of covert channel is discussed. The covert channel uses the IP Record route option header in network IP packets to send secret messages and hidden information. The paper demonstrates that this type of covert channel is not robust enough against steganalysis. The proposed detection approach is based on the IP Loose source route option header. Conducted experiments show that the proposed approach is simple and straightforward to implement and can contribute to identifying malicious online activities of cyber criminals and terrorists.
AB - The Internet actually constitutes one of the main communication platforms for cybercriminals and terrorists to exchange secret messages and hidden information. The use of clear or non-encrypted network traffic to communicate over the Internet allows steganalysis processes and surveillance agencies to easily identify the presence of secret messages and hidden information, and classify the involved entities as potential cyber criminals or terrorists. However, covert channels can be an efficient and remedial communication solution for cybercriminals and terrorists to exchange secret messages and hidden information. In fact, most covert channels attempt to send clear and non-encrypted messages embedded in the fields of network packets in order to offer robust communication channels against steganalysis. Nevertheless, covert channels are an immense cause of security concern and are classified as a serious threat because they can be used to pass malicious messages. This explains why detection and elimination of covert channels are considered a big issue that faces security systems and needs to be addressed. In this paper, a novel approach for detecting a particular type of covert channel is discussed. The covert channel uses the IP Record route option header in network IP packets to send secret messages and hidden information. The paper demonstrates that this type of covert channel is not robust enough against steganalysis. The proposed detection approach is based on the IP Loose source route option header. Conducted experiments show that the proposed approach is simple and straightforward to implement and can contribute to identifying malicious online activities of cyber criminals and terrorists.
KW - Covert channel
KW - Covert channel detection
KW - Cyber terrorism
KW - IP header option
KW - Steganalysis
UR - http://www.scopus.com/inward/record.url?scp=85082120993&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85082120993&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-41568-6_12
DO - 10.1007/978-3-030-41568-6_12
M3 - Conference contribution
AN - SCOPUS:85082120993
SN - 9783030415679
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 177
EP - 192
BT - Risks and Security of Internet and Systems - 14th International Conference, CRiSIS 2019, Proceedings
A2 - Kallel, Slim
A2 - Hadj Kacem, Ahmed
A2 - Cuppens, Frédéric
A2 - Cuppens-Boulahia, Nora
PB - Springer
Y2 - 29 October 2019 through 31 October 2019
ER -