SECURWARE 2024, The Eighteenth International Conference on Emerging Security Information, Systems and Technologies
An Analysis Framework for Steganographic Network Data in Industrial Control Systems
Authors:
Tom Neubert
Bjarne Peuker
Eric Schueler
Henning Ullrich
Laura Buxhoidt
Claus Vielhauer
Keywords: Information Hiding; Intrusion Detection and Attribution; Network Steganography; Stealthy Malware; Industrial Control Systems; Analysis Framework.
Abstract:
This paper presents a novel analysis framework for steganographic embedding methods in Industrial Control Systems (ICS) which enables a comprehensive comparison of different embedding methods based on a single uncompromised network traffic capture as cover. It is motivated by the observation that industrial control systems are increasingly under attack by stealthy malware, e.g., for reloading malicious code and for data in- and exfiltration. Although multiple detection mechanisms based on published attacks have been developed in recent years, the diversity of steganographic attacks is still a major challenge, and the elaboration of further analysis mechanisms for detection and attribution is a constant arms race. In an exemplary evaluation of three embedding methods by the proposed framework, it is demonstrated that it is possible to assign 88.6% of the samples to a specific steganographic embedding method based on a machine learning approach, proving the conceptual functionality of the framework. Also, it is shown that different characteristics of payloads can be identified in part. The proposed concept can thus help to derive further detection & defense mechanisms and to differentiate between embedding methods as well as embedded message types, which increases the potential for attribution of attackers in the future, in addition to the detection of incidents.
Pages: 111 to 118
Copyright: Copyright (c) IARIA, 2024
Publication date: November 3, 2024
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-68558-206-7
Location: Nice, France
Dates: from November 3, 2024 to November 7, 2024