A reflective covert channel attack anchored on trusted web services
This paper introduces a novel attack that can covertly exfiltrate data from a compromised network to a blocked external endpoint, using public web services as the intermediaries and exploiting both HTTP requests and DNS queries. We first identify at least 16 public web services and 2 public HTTP proxies that can serve this purpose. Then we build a prototype attack using these public services and experimentally confirm its effectiveness, including an average data transfer rate of 361 bits per second. Finally, we present the design, implementation and evaluation of a proof-of-concept defense that uses information-theoretic entropy of the DNS queries to detect this novel attack.
- Publisher
- Springer Verlag
- Issue Date
- 2018-06
- Language
- English
- Citation
25th International Conference on Web Services, ICWS 2018 Held as Part of the Services Conference Federation, SCF 2018, pp.84 - 99
- ISSN
- 0302-9743
- Appears in Collection
- CS-Conference Papers(학술회의논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.