JUCS - Journal of Universal Computer Science 24(5): 556-576, doi: 10.3217/jucs-024-05-0556
WoDiCoF - A Testbed for the Evaluation of (Parallel) Covert Channel Detection Algorithms
Ralf Keidel, Steffen Wendzel, Sebastian Zillien, Eric S. Conner, Georg Haas
‡ Worms University of Applied Sciences, Worms, Germany
Open Access
With the increasing number of steganography-capable malware and the increasing trend of stealthy data exfiltrations, network covert channels are becoming a crucial security threat - also for critical infrastructures (CIs): network covert channels enable the stealthy remote control of malware nested in a CI and allow the exfiltration of sensitive data, such as sensor values, firmware or configuration parameters. We present WoDiCoF, a distributed testbed that is accessible to the international research community for performing a unified evaluation of detection algorithms for network covert channels. In comparison to existing works, our testbed is designed for upcoming big-data scenarios, in which huge traffic recordings must be analyzed for covert channels. It is the first testbed to allow the testing of parallel detection algorithms. To evaluate WoDiCoF, we took a detection algorithm published in ACM CCS/TISSEC, verified several of the original results and enhanced the understanding of its performance by considering previously unconsidered parameters. By parallelizing the algorithm, we could moreover achieve a speed-up of 2.89 with three nodes.
covert channels, network steganography, information hiding, parallel computing, scientific methodology, testbeds