The New Threats of Information Hiding: The Road Ahead

  title={The New Threats of Information Hiding: The Road Ahead},
  author={Krzysztof Cabaj and L. Caviglione and Wojciech Mazurczyk and Steffen Wendzel and Alan Woodward and Sebastian Zander},
  journal={IT Professional},
A recent trend involves exploiting various information-hiding techniques to empower malware-for example, to bypass mobile device security frameworks or to exfiltrate sensitive data. The authors provide an overview of information-hiding techniques that can be utilized by malware. They showcase existing and emerging threats that use different types of data-hiding mechanisms (not just those adopting classical covert channels), with the goal of monitoring these threats and proposing efficient… 

Figures and Tables from this paper

Exploiting minification for data hiding purposes
This paper investigates whether minification of JavaScript files can be exploited for data hiding purposes and results prove that this is feasible and thus countermeasures must be adjusted to take into account such threats.
IPv6 Covert Channels in the Wild
This paper investigates IPv6 covert channels deployed in the wild and presents a performance evaluation of six different data hiding techniques for IPv6 including their ability to bypass some intrusion detection systems.
Data hiding: New opportunities for security and privacy?
This contribution provides an overview of the traditional data hiding applications and the current trends in this field, pointing out prospective uses of data hiding in the context of information security and privacy, but also introducing potential threats for users and the society as a whole when they are applied for evil.
Programmable Data Gathering for Detecting Stegomalware
The paper proposes to take advantage of the extended Berkeley Packet Filter to gather data for detecting stegomalware and reports some preliminary experimental results obtained as the joint outcome of two H2020 Projects, namely ASTRID and SIMARGL.
Data Hiding Using Code Obfuscation
Results confirm that the core idea of the proposed information hiding method is to replace some randomly generated strings being a part of the introduced dead code with the encoded secret message, which can be easily adopted for data hiding, thus countermeasures need to be adjusted accordingly.
Detecting Covert Channels Through Code Augmentation
This paper investigates the adoption of code augmentation features offered by the Linux kernel to gather data useful to reveal the presence of covert communications and indicates that technologies like the extended Berkeley Packet Filter can offer a foundation to frameworks for spotting and mitigating covert communications.
A survey of zero-day malware attacks and its detection methodology
Multiple methods available for the detection of malware are summarized, including code obfuscation along with one or more zero-days, which are used by malware developers for evading the security systems.
Tight Arms Race: Overview of Current Malware Threats and Trends in Their Detection
A detailed meta-review of the existing surveys related to malware and its detection techniques, showing an arms race between these two sides of a barricade and the evolution of modern threats in the communication networks.
Covert Channels in Transport Layer Security: Performance and Security Assessment
This paper investigates mechanisms that can be used to create covert channels within TLS conversations and demonstrates the inability of de-facto standard network security tools to spot TLS-based covert channels out of the box.
Information Hiding Using Minification
This paper systematically evaluates if the minification process can be effectively used for secret data transfer, and results indicate that the threat is real, thus countermeasures need to be adjusted accordingly.


Information Hiding as a Challenge for Malware Detection
This research highlights the need to have a better understanding of how malware uses information-hiding techniques to hide its existence and communication attempts.
Information Hiding in Communication Networks: Fundamentals, Mechanisms, Applications, and Countermeasures
A new classification and taxonomy for modern data hiding techniques is introduced and several example applications of information hiding in communication networks are introduced including some recent covert communication techniques in popular Internet services.
Improving the Stealthiness of DNS-Based Covert Communication
The results obtained show that current DNS-based C2 and data exfiltration approaches employed by malware have considerable room for improvement which suggests that DNS- based covert communication will remain a realistic threat into the future.
Stealthy malware traffic - Not as innocent as it looks
This study presents a counter-countermeasure that avoids network-based detection approaches by camouflaging malicious traffic as an innocuous protocol and shows that the transformed protocol fools current side-channel attacks.
Distributed and Collaborative Malware Analysis with MASS
This paper presents the Malware Analysis and Storage System (MASS), a novel framework for malware analysis designed as a distributed and scalable system and aims to empower cooperation between malware researchers.
Hide and Seek: An Introduction to Steganography
This article discusses existing steganographic systems and presents recent research in detecting them via statistical steganalysis and discusses the practical application of detection algorithms and the mechanisms for getting around them.
Botnet protocol inference in the presence of encrypted traffic
This work presents an end-to-end system for automatically discovering the encryption algorithm and keys, generating a protocol specification for the C&C traffic, and crafting effective network signatures.
VoIP steganography and its Detection—A survey
This article is a first survey of the existing Voice over IP (VoIP) steganography methods and their countermeasures.
20 years of covert channel modeling and analysis
  • J. Millen
  • Computer Science
    Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344)
  • 1999
The article traces the history of covert channel modeling from 1980 to the present, by tracing the low-order two bits of each pixel in a picture for your secret message, since no one would notice if they were changed.
Hiding information in a Stream Control Transmission Protocol