Research Article
CCgen: Injecting Covert Channels into Network Traffic
Table 1
CCgen wrapper configuration used in the evaluation.
| Flow | Message | Technique | Key | Mapping | bpp | Constr | Suricata (Clean PCAP) | Suricata (Modif. PCAP) |
|---|---|---|---|---|---|---|---|---|
| 1 | cod00 | ipflags | 2tup | bin | 1 | None | No-alarm | No-alarm |
| 2 | cod01 | ipid | 5tup | 8 bits | 8 | None | No-alarm | No-alarm |
| 3 | cod02 | iplen | 2tup | bin_off60 | 1 | None | Invalid-ack | No-alarm |
| 4 | cod03 | iplen | 3tup | 8 bits_off50 | 8 | None | No-alarm | No-alarm |
| 5 | cod04 | ipproto | 2tup | ipproto_1 bit | 1 | None | Out-of-window | Out-of-window, UDP-too-small |
| 6 | cod05 | iptos | 5tup | 6 bits | 6 | None | No-alarm | No-alarm |
| 7 | cod06 | srcport | 3tup | 8 bits_off1k | 8 | tcp | No-alarm | No-alarm |
| 8 | cod07 | srcport | 3tup | 8 bits_off1k | 8 | udp | No-alarm | No-alarm |
| 9 | cod08 | ttl_v2s | 2tup | ttl_v2s | 1 | None | No-alarm | No-alarm |
| 10 | cod09 | ipaddr | 1tup | ipaddr_8 bits | 8 | None | Scan/brute-force | Scan/brute-force |
| 11 | cod10 | ttl_r2s | 2tup | ttl_r2s | 1 | None | No-alarm | No-alarm |
| 12 | cod11 | srcport_r2s | 3tup | srcport_r2s | 1 | tcp/udp | No-alarm | No-alarm |
| 13 | cod12 | iplen_r2s | 2tup | len_r2s | 1 | None | No-alarm | No-alarm |
| 14 | cod13 | ipfragment | 5tup | 13 bits | 13 | None | No-alarm | No-alarm |
| 15 | cod14 | urgent | 5tup | 16 bits | 16 | tcp | No-alarm | No-alarm |
| 16 | cod15 | ttl_dev | 2tup | ttl_dev | 1 | None | No-alarm | No-alarm |
| 17 | cod16 | srcport_dev | 3tup | srcport_dev | 8 | tcp/udp | No-alarm | No-alarm |
| 18 | cod17 | timing_ber | 2tup | timing_ber | 1 | None | No-alarm | No-alarm |
| 19 | cod18 | timing_gas | 2tup | timing_gas | 1 | None | No-alarm | No-alarm |
| 20 | cod19 | timing_sha | 2tup | timing_sha | 1 | None | No-alarm | No-alarm |

Keys: IPsrc (1tup); IPsrc, IPdst (2tup); IPsrc, IPdst, Protocol (3tup); IPsrc, IPdst, Protocol, SrcPort, DstPort (5tup).