Ways to Organize and Identify Steganographic Channels in IP Networks
DOI:
https://doi.org/10.22213/2410-9304-2024-3-78-84Keywords:
support, vector, statistical, analysis, modification, protocol, network, steganographyAbstract
The article is devoted to an overview of network steganography methods that can be used to build hidden message transmission channels in IP networks, as well as methods aimed at identifying such hidden channels. The article gives the concept of a stegocontainer, and provides classification of network steganography methods. The article discusses the following methods of organizing hidden channels: the method of changing the contents of network packet headers, the Transcoding Steganography (TranSteg) method, the delay modulation method, the Lost Audio Packet Steganography (LACK) method, the Retransmission Steganography (RSTEG) method. In the review of the method of changing the contents of network packet headers, the principle of implementing changes in values in some service fields of IP (Internet Protocol) and TCP (Transmission Control Protocol) packet headers, which do not lead to data transmission failure, are considered. In the overview of the TranSteg method, the principle of transcoding the contents of network packets delivering real-time traffic is considered in order to free up space in the packet, which will be used to transmit hidden information. In the review of the delay modulation method, the principles of hidden message encoding are considered, which is carried out by changing the delay value of sending packets in the network. In the review of the LACK method, the mechanism of deliberate retention of RTP packets with an embedded steganographic message is considered. In the review of the RSTEG method, the principle of TCP segment exchange is considered, which provides the possibility of transmitting a steganogram. A number of parameters are given by which it is possible to conclude that there is a hidden channel in the network. The applicability of statistical methods and the methods with a classifier for detecting hidden channels in IP networks is considered. The expediency of implementing statistical methods and methods with a classifier in integration with systems for capturing and analyzing network traffic is indicated.References
Гетьман А. И., Иконникова М. К. Обзор методов классификации сетевого трафика с использованием машинного обучения // Труды ИСП РАН. 2020. T. 32, № 6. С. 137-154. DOI 10.15514/ISPRAS-2020-32(6)-11.
Tomasz Koziak, Katarzyna Wasielewska, Artur Janicki How to Make an Intrusion Detection System Aware of Steganographic Transmission // EICC '21: Proceedings of the 2021 European Interdisciplinary Cybersecurity Conference. 2021. Pp. 77-82. DOI 10.1145/3487405.3487421.
Коромыслов К. Е. Исследование способов обнаружения метода сетевой стеганографии, основанного на преднамеренных временных задержках // НИЦ "Л-Журнал". 2021. № 70. С. 38-42. DOI 10.18411/lj-02-2021-09.
Красов А. В. Метод обнаружения сетевой стеганографии на основе статистического распределения полей сетевых пакетов // Издательство "Научные технологии". 2022. № 4. С. 84-91.
Бачило В. В., Дравица В. И., Листопад Н. И. Сравнительный анализ возможностей протоколов IPv6 и IPv4 для обеспечения заданного качества обслуживания // Доклады БГУИР. 2022. Т. 20, № 8. С. 75-83. DOI 10.35596/1729-7648-2022-20-8-75-83.
Wojciech Mazurczyk, Miłosz Smolarczyk, Krzysztof Szczypiorski Retransmission Steganography Applied // 2010 International Conference on Multimedia Information Networking and Security. 2010. DOI: 10.1109/MINES.2010.179.
Artur M. Brodzki, Jedrzej Bieniasz Yet Another Network Steganography Technique Basedon TCP Retransmissions // ICFSP 2019: 5th International Conference on Frontiers of Signal Processing. 2019. DOI: 10.1109/ICFSP48124. 2019.8938085.
Макаренко С. И., Черницкая Т. Е. Аспекты совместимости сетевых протоколов, интерфейсов и требований по качеству обслуживания в рамках оценки интероперабельности сетецентрических информационно-управляющих систем // Журнал радиоэлектроники. 2020. № 10. DOI 10.30898/1684-1719.2020.10.4.
Mazurczyk W., Lubacz J. LACK - a VoIP steganographic method // Telecommunication Systems. 2010. Vol. 45, no. 2-3. Pp. 153-163. DOI 10.1007/s11235-009-9245-y.
Коромыслов К. Е. Исследование способов обнаружения метода сетевой стеганографии, основанного на преднамеренных временных задержках // НИЦ "Л-Журнал". 2021. № 70. С. 38-42. DOI 10.18411/lj-02-2021-09.
Su Z., Li W., Zhang G. et al. A steganographic method based on gain quantization for iLBC speech streams // Multimedia Systems. 2020. vol. 26. pp. 223-233. DOI 10.1007/ s00530-019-00624-w.
Kheddar H., Megías D. High capacity speech steganography for the G723.1 coder based on quantised line spectral pairs interpolation and CNN auto-encoding // Applied Intelligence. 2022. vol. 52, pp. 9441-9459. DOI 10.1007/s10489-021-02938-7.
Mazurczyk W., Szaga P., Szczypiorski K. Using transcoding for hidden communication in IP telephony // Multimedia Tools and Application. 2014. vol. 70, no. 3, pp. 2139-2165. DOI 10.1007/s11042-012-1224-8.
Punam Bedi, Arti Dua.Network steganography using the overflow field of timestamp option in an IPv4 packet // Procedia Computer Science. 2020. vol. 171. pp. 1810-1818. DOI 10.1016/j.procs.2020.04.194.
Mazurczyk W., Smolarczyk M., Szczypiorski K. Retransmission steganography and its detection // Soft Computing. 2011. vol. 15, no 3. pp. 505-515. DOI 10.1007/s00500-009-0530-1.
Гвоздева И. Г., Громов А. С., Гвоздева О. М. Разработка и реализация метода цифровой стеганографии на основе встраивания псевдоинформации // Труды Института системного программирования РАН. 2023. Т. 35, № 3. С. 63-70. DOI 10.15514/ISPRAS-2023-35(3)-4.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Андрей Александрович Каринцев, Дмитрий Васильевич Ардашев
This work is licensed under a Creative Commons Attribution 4.0 International License.
