Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
6884900 | Journal of Network and Computer Applications | 2018 | 13 Pages |
Abstract
Application-layer covert channels have been extensively studied in recent years. Ubiquitous application packets serving as covert carriers contain a considerable potential channel capacity. However, undetectability is still a challenging task to be resolved for practicability, as almost all existing covert channels are frustrated by specific detection methods. In this paper, we focus on the problem of undetectable application-layer covert channels. We found a natural HTTP behavior that distribution relationships between HTTP requests and flows are dynamic when opening a webpage. Motivated by this finding, we present a behavior-based covert channel, Lost in HTTP Behaviors (LiHB). LiHB embeds secret messages into request-flow distributions using combinatorics without changing any packet contents. Furthermore, LiHB achieves automatic coding with no need for a codebook. In particular, LiHB is able to penetrate web proxy to transmit information stealthily. To overcome limitations of LiHB, we propose an enhanced secure HTTP behavior-based covert channel (HBCC), which is statistically undetectable by shape and regularity tests. HBCC employs an independent and identically distributed (i.i.d.) inter-request delay (IRD) generator to maintain the request distribution of legitimate traffic, and mimics normal browsing patterns based on the frequent traversal sequences. Experimental results show LiHB and HBCC have a good performance and reliability, and HBCC outperforms LiHB in terms of channel capacity and undetectability.
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Yao Shen, Wei Yang, Liusheng Huang,