Towards steganography detection through network traffic visualisation

@article{Mazurczyk2012TowardsSD,
  title={Towards steganography detection through network traffic visualisation},
  author={Wojciech Mazurczyk and Krzysztof Szczypiorski and B. Jankowski},
  journal={2012 IV International Congress on Ultra Modern Telecommunications and Control Systems},
  year={2012},
  pages={947-954}
}
The paper presents an initial step toward a new network anomaly detection method that is based on traffic visualisation. The key design principle of the proposed approach is the lack of direct, linear time dependencies for the created network traffic visualisations. The method's feasibility is demonstrated in a network steganography environment by presenting the steg-tomography methodology and developing a dedicated visualisation tool. To the authors' best knowledge this is the first utilization of network…
Multilayer Detection of Network Steganography
TLDR
A new method based on a multilayer approach for the selective analysis of derived and aggregated metrics utilizing machine learning algorithms to provide steganalysis capability for networks with large numbers of devices and connections is presented.
Inter-Protocol Steganography for Real-Time Services and Its Detection Using Traffic Coloring Approach
TLDR
New inter-protocol hiding techniques which are suitable for real-time services and preliminary results of a novel steganography detection approach which relies on network traffic coloring are introduced.
A New Network Steganographic Method Based on the Transverse Multi-Protocol Collaboration
TLDR
A new network steganographic method called Transverse Multi-Protocol Collaboration Network Steganographic Method (TMPCNSM) is proposed, and experiments showed that the great advantage of this method over others is higher steganography bandwidth and more undetectable characteristics due to the complexity of multi-protocol collaboration.
A New DHT: Network Steganography Based on Distributed Coding
TLDR
A new network steganography method based on distributed coding (NS-DCM) is proposed in this paper, and the experimental results showed that the proposed method has an average bandwidth of 0.998 bits/packet and better undetectability than some other network steganography methods.
The Solution of Key Transmission in Multi-level Network Steganography
TLDR
The experimental results showed that this solution can realize synchronous transmission of the ciphertext and the key, with a high steganographic bandwidth and a low steganographic cost, improving the security of network steganography.
A hybrid technique for data embedding over wireless sensor networks based on cover generation through variance
  • Reetika Sodhi, Anshu Sharma
  • Computer Science
    2016 2nd International Conference on Next Generation Computing Technologies (NGCT)
  • 2016
TLDR
Two state-of-the-art steganography techniques, which have been applied over speech data and image data respectively, are studied and modified for use in network steganography for wireless sensor networks; the hybrid technique performed well and has the potential to be applied over wireless sensor networks for military applications.
An Authentication Scheme to Defend Against UDP DrDoS Attacks in 5G Networks
TLDR
This article presents a design, implementation, analysis, and experimental evaluation of an authentication scheme, a defense against UDP DrDoS attacks, by which attackers cleverly use rebound server farms to bounce a flood of packets to a target host.

References

Network Based Detection of Passive Covert Channels in TCP/IP
  • E. Tumoian, M. Anikeev
  • Computer Science
    The IEEE Conference on Local Computer Networks 30th Anniversary (LCN'05)
  • 2005
TLDR
A new method for detecting covert channels in the initial sequence number (ISN) of TCP/IP is proposed in the paper and tested using experimental data generated by the NUSHU covert channel creation tool.
A Survey of Visualization Systems for Network Security
TLDR
A comprehensive review of network security visualization is offered and a taxonomy in the form of five use-case classes encompassing nearly all recent works in this area is provided.
Retransmission steganography and its detection
TLDR
The paper presents a new steganographic method called RSTEG (retransmission steganography), which is intended for a broad class of protocols that utilise retransmission mechanisms and works by not acknowledging a successfully received packet in order to intentionally invoke retransmissions.
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Steganography of VoIP Streams
TLDR
The results of an experiment performed to estimate the total amount of data that can be covertly transferred during a typical VoIP conversation phase, regardless of steganalysis, are also included in this paper.
ReLACK: A Reliable VoIP Steganography Approach
  • Mohammad Hamdaqa, L. Tahvildari
  • Computer Science
    2011 Fifth International Conference on Secure Software Integration and Reliability Improvement
  • 2011
TLDR
This paper modifies the (k, n) threshold secret sharing scheme, which is based on Lagrange's interpolation, and applies a two-phase approach to the LACK steganography mechanism to provide reliability and fault tolerance and to increase steganalysis complexity.
Anomaly detection in multidimensional data using negative selection algorithm
  • D. Dasgupta, N. S. Majumdar
  • Computer Science
    Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600)
  • 2002
TLDR
Anomaly detection results with single and multidimensional data sets using the negative selection algorithm developed by Forrest et al. (1994) are reported.
What are suspicious VoIP delays?
Voice over IP (VoIP) is unquestionably the most popular real-time service in IP networks today. Recent studies have shown that it is also a suitable carrier for information hiding. Hidden
Information Hiding Using Improper frame padding
TLDR
Based on real network traces, it is confirmed that PadSteg is feasible in today's networks, and the steganographic bandwidth achievable while limiting the chance of disclosure is estimated.
A Study on the Covert Channel Detection of TCP/IP Header Using Support Vector Machine
TLDR
The experiments showed that the proposed method could discern the abnormal cases from normal TCP/IP traffic using a Support Vector Machine, which has excellent performance in pattern classification problems.