A framework for avoiding steganography usage over HTTP

Blasco, Jorge; Hernández-Castro, Julio; Fuentes, José María de; Ramos, Benjamín

doi:10.1016/j.jnca.2011.10.003

Cited by 19 publications

(6 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Alas, objects exchanged via HTTP can still contain hidden data. In this case, ad-hoc proxies can be deployed to check inline objects against steganographic contents and sanitize them [57]. This requires a non-negligible amount of computing resources and also accounts for the presence of specific detectors/sanitizers for each considered inline object (e.g., protocol headers, images, audio, video and additional plugins).…”

Section: Elimination and Limitationmentioning

confidence: 99%

Trends and Challenges in Network Covert Channels Countermeasures

Caviglione

2021

Applied Sciences

View full text Add to dashboard Cite

Network covert channels are increasingly used to endow malware with stealthy behaviors, for instance to exfiltrate data or to orchestrate nodes of a botnet in a cloaked manner. Unfortunately, the detection of such attacks is difficult as network covert channels are often characterized by low data rates and defenders do not know in advance where the secret information has been hidden. Moreover, neutralization or mitigation are hard tasks, as they require to not disrupt legitimate flows or degrade the quality perceived by users. As a consequence, countermeasures are tightly coupled to specific channel architectures, leading to poorly generalizable and often scarcely scalable approaches. In this perspective, this paper investigates trends and challenges in the development of countermeasures against the most popular network covert channels. To this aim, we reviewed the relevant literature by considering approaches that can be effectively deployed to detect general injection mechanisms or threats observed in the wild. Emphasis has been put on enlightening trajectories that should be considered when engineering mitigation techniques or planning the research to face the increasing wave of information-hiding-capable malware. Results indicate that many works are extremely specialized and an effective strategy for taming security risks caused by network covert channels may benefit from high-level and general approaches. Moreover, mechanisms to prevent the exploitation of ambiguities should be already considered in early design phases of both protocols and services.

show abstract

Section: Elimination and Limitationmentioning

confidence: 99%

Trends and Challenges in Network Covert Channels Countermeasures

Caviglione

2021

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Authors proposed an attack using discrete spring transform which will only distort the numerical value of the carrier media while keeping visual quality in a high level. Blasco, Jorge, et al [25] suggest a framework to forbid the steganography usage through HTTP. Different sanitizers that eliminate hidden content from any kind of information transmitted through HTTP were proposed.…”

Section: Related Workmentioning

confidence: 99%

Anti-forensic Approach to Remove StegoContent from Images and Videos

Amritha

Sethumadhavan

Ramakrishnan

et al. 2019

JCSM

View full text Add to dashboard Cite

Covert transmission of information hidden in different media to either a general or targeted audience constitutes steganography. However, this technique can be misused to transmit undesirable information. Traditionally the removal of such content necessitated the knowledge of the steganographic algorithm used. However, we address the scenario where such stego is removed using generic image processing operations along with an anti forensic method without assuming any knowledge of the steganographic algorithm used. The application of generic image processing operations also causes degradation of cover image, which can also be restored using this anti forensic method. Our procedure has been tested on a variety of steganographic algorithms including HUGO-BD, WOW, Synch and J-UNIWARD. By applying universal steganalysis we found that all images which have been subjected to our procedure have become stego free. However, a direct evaluation of the stego content assuming knowledge of the stego content and its location showed that 80 percentage of the stego is removed without significantly impacting the visual image quality. Video stream containing isolated static images have been addressed in this paper. The peak signal-to-noise ratio and structural

show abstract

“…У цьому методі для прихованої передачі даних можуть бути використані різні характеристики HTTP-повідомлень. До них належать модифікації порядку заголовків, їх структури та змісту [8,9]. Програмна модель, яка реалізує метод МС-HTTP, відповідає клієнт-серверній архітектурі: на стороні клієнта повідомлення перетворюється у двійковий формат і кодується як пробіли всередині HTTP-заголовків запитів.…”

Section: і огляд реалізованих методів мережної стеганографіїunclassified

Analysis of privacy and stability to interference in the communication channel of network steganography methods

Shcherbak¹,

Astrakhantsev²,

Shcherbak³

et al. 2018

Problemi Telekomunìkacìj

View full text Add to dashboard Cite

In this paper, for the first time, the effectiveness of network steganography methods has been investigated using channel coding of data when they are transmitted over communication channels with interferences, and the method of mathematical modeling evaluates the stability of network steganography methods to the detection. The network steganography methods concealing data in such protocols as HTTP, TCP and ICMP were considered. Using the ICMP «Secure» mode of the developed method, the greatest throughput was achieved. To study the noise resistance of the methods before transmission by the communication channel, the packets were encoded using the 2 Binary 1 Quandary linear coding algorithm, after which additive white Gaussian noise was added to the stego object. The paper substantiates the possibility of using network steganography methods to protect biometric data from unauthorized access in the case of using remote biometric authentication. Based on the research results, it was determined that the network steganography method based on hiding data in TCP is more efficient when working via communication channels with noise. It makes possible to recover a message with small distortions at a dispersion value of 0.4. But according to a set of criteria for resistance to noise and detection probability, the best is the «Fast» mode of the network steganography method based on hiding data in ICMP. Анотація-В роботі вперше досліджено ефективність методів мережної стеганографії за умови використання канального кодування даних при їх передачі каналом зв'язку з шумами та оцінено стійкість методів мережної стеганографії до виявлення. На основі результатів досліджень визначено, що метод мережної стеганографії з використанням протоколу TCP є більш ефективним за умови роботи каналами зв'язку з шумами, але за сукупністю критеріїв стійкість до шумів / прихованість найкращим є режим «Швидкий» методу мережної стеганографії з використанням протоколу ICMP.

show abstract

A framework for avoiding steganography usage over HTTP

Cited by 19 publications

References 23 publications

Trends and Challenges in Network Covert Channels Countermeasures

Trends and Challenges in Network Covert Channels Countermeasures

Anti-forensic Approach to Remove StegoContent from Images and Videos

Analysis of privacy and stability to interference in the communication channel of network steganography methods

Contact Info

Product

Resources

About