A Behavior Based Covert Channel within Anti-Virus Updates
نویسندگان
چکیده
This paper presents a new behavior based covert channel utilizing the database update mechanism of anti-virus software. It is highly covert due to unattended, frequent, automatic signature database update operations performed by the software. The design of the covert channel is described; its properties are discussed and demonstrated by a reference implementation. This paper uses these points to strengthen the inclusion of behavior-based covert channels within standard covert channel taxonomy.
منابع مشابه
Design of Transport Layer Based Hybrid Covert Channel Detection Engine
Computer network is unpredictable due to information warfare and is prone to various attacks. Such attacks on network compromise the most important attribute, the privacy. Most of such attacks are devised using special communication channel called ``Covert Channel''. The word ``Covert'' stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within legitim...
متن کاملطراحی و ارزیابی روش کدگذاری ترکیبی برای کانال پوششی زمانبندیدار در شبکه اینترنت
Covert channel means communicating information through covering of overt and authorized channel in a manner that existence of channel to be hidden. In network covert timing channels that use timing features of transmission packets to modulating covert information, the appropriate encoding schema is very important. In this paper, a hybrid encoding schema proposed through combining "the inter-pac...
متن کاملSystematic Engineering of Control Protocols for Covert Channels
Within the last years, new techniques for network covert channels arose, such as covert channel overlay networking, protocol switching covert channels, and adaptive covert channels. These techniques have in common that they rely on covert channel-internal control protocols (so called micro protocols) placed within the hidden bits of a covert channel’s payload. An adaptable approach for the engi...
متن کاملNew Constructive Approach to Covert Channel Modeling and Channel Capacity Estimation
In this paper, we examine general mechanisms that a covert channel may exploit and derive new minimum requirements for setting up a covert channel. We also propose a new classification of covert channels based on our analysis. Unlike the non-interference approaches, our approach is constructive, allowing the direct examination of system architectures at different abstraction levels for the pres...
متن کاملPreventing Protocol Switching Covert Channels
Network covert channels enable a policy-breaking network communication (e.g., within botnets). Within the last years, new covert channel techniques arose which are based on the capability of protocol switching. Such protocol switching covert channels operate within overlay networks and can (as a special case) contain their own internal control protocols. We present the first approach to effecti...
متن کامل