Hidden in Plain Sight. SDP-Based Covert Channel for Botnet Communication
  • Keywords: SIP; Botnet; Covert channel; C&C; SDP
  • Journal title: Lecture Notes in Computer Science
  • Publication year: 2015
  • Volume: 9264
  • Issue: 1
  • Pages: 48-59
  • Full-text size: 730 KB
  • Author affiliations: Zisis Tsiatsikas (16)
    Marios Anagnostopoulos (16)
    Georgios Kambourakis (16)
    Sozon Lambrou (16)
    Dimitris Geneiatakis (17)

    16. Department of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Greece
    17. Electrical and Computer Engineering Department, Aristotle University of Thessaloniki, 541 24, Thessaloniki, Greece
  • Series title: Trust, Privacy and Security in Digital Business
  • ISBN:978-3-319-22906-5
  • Publication category: Computer Science
  • Publication subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN:1611-3349
Abstract
Covert channels pose a significant threat to networking systems. In this paper, we examine the exploitation of Session Description Protocol (SDP) information residing in Session Initiation Protocol (SIP) requests with the aim of hiding data in plain sight. While a significant body of work in the literature deals with covert communication channels, only a very limited number of these works rely on SIP to realize their goals. Also, none of them concentrates on SDP data contained in SIP messages to implement and evaluate such a hidden communication channel. Motivated by this fact, the work at hand proposes and demonstrates the feasibility of a SIP-based covert channel for botnet Command and Control (C&C) that is simple but very effective in terms of stealthiness and simplicity. As a side contribution, we assess the soundness and the impact of such a deployment at the victim's side via the use of two different types of flooding attacks.
