Thursday, 12 July 2018

New Paper: A Testbed for the Evaluation of (Parallel) Covert Channel Detection Algorithms

A new paper has just been published:

Ralf Keidel, Steffen Wendzel, Sebastian Zillien, Eric S. Conner and Georg Haas: WoDiCoF – A Testbed for the Evaluation of (Parallel) Covert Channel Detection Algorithms, Journal of Universal Computer Science, Vol. 24(5), pp. 556-576, 2018.

With the increasing number of steganography-capable malware and the increasing trend of stealthy data exfiltrations, network covert channels are becoming a crucial security threat, also for critical infrastructures (CIs): network covert channels enable the stealthy remote control of malware nested in a CI and allow the exfiltration of sensitive data, such as sensor values, firmware or configuration parameters.
We present WoDiCoF, a distributed testbed, accessible to the international research community to perform a unified evaluation of detection algorithms for network covert channels. In comparison to existing works, our testbed is designed for upcoming big-data scenarios, in which huge traffic recordings must be analyzed for covert channels. It is the first testbed to allow the testing of parallel detection algorithms.
To evaluate WoDiCoF, we took a detection algorithm published in ACM CCS/TISSEC, verified several of the original results and enhanced the understanding of its performance by considering previously unconsidered parameters. By parallelizing the algorithm, we could moreover achieve a speed-up of 2.89 with three nodes.
Keywords: covert channels, information hiding, network steganography, parallel computing, scientific methodology, testbeds

