Concealed in web surfing: Behavior-based covert channels in HTTP. (1st January 2018)
- Record Type:
- Journal Article
- Title:
- Concealed in web surfing: Behavior-based covert channels in HTTP. (1st January 2018)
- Main Title:
- Concealed in web surfing: Behavior-based covert channels in HTTP
- Authors:
- Shen, Yao
Yang, Wei
Huang, Liusheng - Abstract:
- Abstract: Application-layer covert channels have been extensively studied in recent years. Ubiquitous application packets serving as covert carriers contain a considerable potential channel capacity. However, undetectability is still a challenging task to be resolved for practicability, as almost all existing covert channels are frustrated by specific detection methods. In this paper, we focus on the problem of undetectable application-layer covert channels. We found a natural HTTP behavior that distribution relationships between HTTP requests and flows are dynamic when opening a webpage. Motivated by this finding, we present a behavior-based covert channel, Lost in HTTP Behaviors (LiHB). LiHB embeds secret messages into request-flow distributions using combinatorics without changing any packet contents. Furthermore, LiHB achieves automatic coding with no need for a codebook. In particular, LiHB is able to penetrate web proxy to transmit information stealthily. To overcome limitations of LiHB, we propose an enhanced secure HTTP behavior-based covert channel (HBCC), which is statistically undetectable by shape and regularity tests. HBCC employs an independent and identically distributed (i.i.d.) inter-request delay (IRD) generator to maintain the request distribution of legitimate traffic, and mimics normal browsing patterns based on the frequent traversal sequences. Experimental results show LiHB and HBCC have a good performance and reliability, and HBCC outperforms LiHB inAbstract: Application-layer covert channels have been extensively studied in recent years. Ubiquitous application packets serving as covert carriers contain a considerable potential channel capacity. However, undetectability is still a challenging task to be resolved for practicability, as almost all existing covert channels are frustrated by specific detection methods. In this paper, we focus on the problem of undetectable application-layer covert channels. We found a natural HTTP behavior that distribution relationships between HTTP requests and flows are dynamic when opening a webpage. Motivated by this finding, we present a behavior-based covert channel, Lost in HTTP Behaviors (LiHB). LiHB embeds secret messages into request-flow distributions using combinatorics without changing any packet contents. Furthermore, LiHB achieves automatic coding with no need for a codebook. In particular, LiHB is able to penetrate web proxy to transmit information stealthily. To overcome limitations of LiHB, we propose an enhanced secure HTTP behavior-based covert channel (HBCC), which is statistically undetectable by shape and regularity tests. HBCC employs an independent and identically distributed (i.i.d.) inter-request delay (IRD) generator to maintain the request distribution of legitimate traffic, and mimics normal browsing patterns based on the frequent traversal sequences. Experimental results show LiHB and HBCC have a good performance and reliability, and HBCC outperforms LiHB in terms of channel capacity and undetectability. … (more)
- Is Part Of:
- Journal of network and computer applications. Volume 101(2018)
- Journal:
- Journal of network and computer applications
- Issue:
- Volume 101(2018)
- Issue Display:
- Volume 101, Issue 2018 (2018)
- Year:
- 2018
- Volume:
- 101
- Issue:
- 2018
- Issue Sort Value:
- 2018-0101-2018-0000
- Page Start:
- 83
- Page End:
- 95
- Publication Date:
- 2018-01-01
- Subjects:
- Covert channels -- Application layer -- HTTP behaviors -- Request distributions -- Undetectability
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004 - Journal URLs:
- http://www.sciencedirect.com/science/journal/10848045 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.jnca.2017.10.019 ↗
- Languages:
- English
- ISSNs:
- 1084-8045
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 5408.xml