A Covert Channel Using Named Resources
This addresses the problem of secure and stealthy data transmission for cybersecurity applications, though it is incremental as it builds on existing covert channel techniques.
The paper tackles the problem of creating undetectable network covert channels by using resource names like URLs to transmit information, achieving this by mimicking typical user behavior to avoid detection through statistical or behavioral analysis.
A network covert channel is created that uses resource names such as addresses to convey information, and that approximates typical user behavior in order to blend in with its environment. The channel correlates available resource names with a user defined code-space, and transmits its covert message by selectively accessing resources associated with the message codes. In this paper we focus on an implementation of the channel using the Hypertext Transfer Protocol (HTTP) with Uniform Resource Locators (URLs) as the message names, though the system can be used in conjunction with a variety of protocols. The covert channel does not modify expected protocol structure as might be detected by simple inspection, and our HTTP implementation emulates transaction level web user behavior in order to avoid detection by statistical or behavioral analysis.