JUCS - Journal of Universal Computer Science 24(7): 864-891, doi: 10.3217/jucs-024-07-0864
SOMSteg - Framework for Covert Channel, and its Detection, within HTTP
Waldemar Graniszewski, Jacek Krupski, Krzysztof Szczypiorski
‡ Warsaw University of Technology, Warsaw, Poland
Open Access
Abstract
Due to their high efficiency and relative ease of use, application-layer covert channels, especially those within the HyperText Transfer Protocol (HTTP), have been extensively studied in recent years. This paper extends a new steganographic method in which the covert channel is created within the HTTP protocol header, i.e., in the trailer field. HTTP is the most popular protocol for browsing the Internet and makes information sharing possible. The popularity of HTTP traffic is one of the requirements for undetectable message exchange. This paper presents SOMSteg - a framework for a covert channel, and its detection as a countermeasure, within HTTP. The server and client parts are implemented in JavaScript and based on Node.js. Several machine learning techniques can be used for anomaly detection. We tested whether such hidden communication can be detected using Self-Organizing Maps (SOMs). SOMs were also used for tuning the parameters of the covert channel settings within the HTTP trailer. The results of the performed studies are also presented.
Keywords
information hiding, covert channels, network steganography, HTTP, SOM, machine learning
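
For readers who want to inspect the trailer section the abstract refers to, the following added example (not code from the paper or from SOMSteg) parses an HTTP/1.1 chunked response, pulls out the trailer fields that follow the last chunk, and summarises them as numbers an anomaly detector could consume. The function names, the sample response and the choice of features (field count, value length, Shannon entropy) are assumptions made for this illustration; the abstract does not state which features the SOM was given.

```javascript
// Added example: extract chunked-encoding trailer fields for inspection (feature set is an assumption).
// Parse a raw HTTP/1.1 response (Buffer) sent with Transfer-Encoding: chunked.
function parseChunkedTrailers(raw) {
  const headEnd = raw.indexOf('\r\n\r\n');
  if (headEnd < 0) throw new Error('incomplete header section');
  let pos = headEnd + 4;
  const bodyParts = [];
  for (;;) {
    const eol = raw.indexOf('\r\n', pos);
    if (eol < 0) throw new Error('truncated chunk-size line');
    // Chunk extensions (";name=value") may follow the hex size; they are ignored here.
    const sizeText = raw.toString('latin1', pos, eol).split(';')[0].trim();
    if (!/^[0-9a-fA-F]+$/.test(sizeText)) throw new Error('bad chunk size');
    const size = parseInt(sizeText, 16);
    pos = eol + 2;
    if (size === 0) break;                 // last-chunk: the trailer section starts here
    if (pos + size + 2 > raw.length) throw new Error('truncated chunk data');
    bodyParts.push(raw.subarray(pos, pos + size));
    pos += size + 2;                       // skip the chunk data and its CRLF
  }
  const trailers = [];
  for (;;) {
    const eol = raw.indexOf('\r\n', pos);
    if (eol < 0) throw new Error('truncated trailer section');
    if (eol === pos) break;                // empty line ends the message
    const line = raw.toString('latin1', pos, eol);
    const colon = line.indexOf(':');
    if (colon < 1) throw new Error('malformed trailer field');
    trailers.push({ name: line.slice(0, colon).toLowerCase(), value: line.slice(colon + 1).trim() });
    pos = eol + 2;
  }
  return { body: Buffer.concat(bodyParts).toString('latin1'), trailers };
}

// Numeric summary of the trailer section: one input row for an anomaly detector.
function trailerFeatures(trailers) {
  const text = trailers.map(t => t.value).join('');
  const freq = {};
  for (const ch of text) freq[ch] = (freq[ch] || 0) + 1;
  let entropy = 0;                         // Shannon entropy in bits per character
  for (const n of Object.values(freq)) entropy -= (n / text.length) * Math.log2(n / text.length);
  return { count: trailers.length, valueBytes: text.length, entropy };
}

// Constructed sample response: two chunks followed by one trailer field.
const SAMPLE = Buffer.from(
  'HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\nTrailer: Server-Timing\r\n\r\n' +
  '5\r\nhello\r\n6\r\n world\r\n0\r\nServer-Timing: abab\r\n\r\n', 'latin1');
```

Calling `trailerFeatures(parseChunkedTrailers(SAMPLE).trailers)` yields one feature row per response; rows collected from ordinary traffic give the baseline against which unusual trailer usage stands out.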