Summary-invisible networking: Techniques and defenses

Publication, Conference
Wei, L; Reiter, MK; Mayer-Patel, K
Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
January 1, 2011

Numerous network anomaly detection techniques utilize traffic summaries (e.g., NetFlow records) to detect and diagnose attacks. In this paper we investigate the limits of such approaches, by introducing a technique by which compromised hosts can communicate without altering the behavior of the network as evidenced in summary records of many common types. Our technique builds on two key observations. First, network anomaly detection based on payload-oblivious traffic summaries admits a new type of covert embedding in which compromised nodes embed content in the space vacated by compressing the payloads of packets already in transit between them. Second, point-to-point covert channels can serve as a "data link layer" over which routing protocols can be run, enabling more functional covert networking than previously explored. We investigate the combination of these ideas, which we term Summary-Invisible Networking (SIN), to determine both the covert networking capacities that an attacker can realize in various tasks and the possibilities for defenders to detect these activities. © 2011 Springer-Verlag.

Published In

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

DOI

EISSN

1611-3349

ISSN

0302-9743

Publication Date

January 1, 2011

Volume

6531 LNCS

Start / End Page

210 / 225

Related Subject Headings

  • Artificial Intelligence & Image Processing
  • 46 Information and computing sciences
 

Citation

APA: Wei, L., Reiter, M. K., & Mayer-Patel, K. (2011). Summary-invisible networking: Techniques and defenses. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6531 LNCS, pp. 210–225). https://doi.org/10.1007/978-3-642-18178-8_19

Chicago: Wei, L., M. K. Reiter, and K. Mayer-Patel. “Summary-invisible networking: Techniques and defenses.” In Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 6531 LNCS:210–25, 2011. https://doi.org/10.1007/978-3-642-18178-8_19.

ICMJE: Wei L, Reiter MK, Mayer-Patel K. Summary-invisible networking: Techniques and defenses. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2011. p. 210–25.

MLA: Wei, L., et al. “Summary-invisible networking: Techniques and defenses.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6531 LNCS, 2011, pp. 210–25. Scopus, doi:10.1007/978-3-642-18178-8_19.

NLM: Wei L, Reiter MK, Mayer-Patel K. Summary-invisible networking: Techniques and defenses. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2011. p. 210–225.
