Treffer: CCgen: Injecting Covert Channels into Network Traffic.

Covert channels are methods to convey information clandestinely by exploiting the inherent capabilities of common communication protocols. They can be used to hide malware communication as part of cyber attacks. Here, we present CCgen, a framework for injecting covert channels into network traffic that includes modules for common covert channels at the network and transport layer and allows a smooth integration of novel covert channel techniques. Our tool—openly available and implemented in Python—enables the operation on-the-fly in live communications as well as the manipulation of network traffic packet captures. We evaluate a first prototype by generating a varied assortment of covert channels based on state-of-the-art techniques and check their detectability with Suricata, a popular, open-source intrusion prevention and detection system. The injected covert channels remain mostly undetected. Our proposal fills a gap within the diversity of openly available tools for cybersecurity research and education. It builds a flexible environment for experts to test analysis algorithms, thus also enabling advanced training in applied network steganography. [ABSTRACT FROM AUTHOR]

Copyright of Security & Communication Networks is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)