Adaptive Detection of Covert Communication in HTTP

Executive Summary

The infection of computer systems with malicious software is an enduring problem of computer security. Avoiding an infection in the first place is a hard task, as computer systems are often vulnerable to a multitude of attacks. However, to explore and control an infected system, an attacker needs to establish a communication channel with the victim. While such a channel can be easily established to an unprotected end host in the Internet, infiltrating a closed network usually requires passing an application-level gateway - in most cases a web proxy - which constitutes an ideal spot for detecting and blocking unusual outbound communication. This paper introduces DUMONT, a system for detecting covert outbound HTTP communication passing through a web proxy.

