Prof. Dr.-Ing. Tanja Zseby

Malware Communication: Hiding Techniques and Detection Methods

Thursday, 27 June 2019

Rundeturmstr. 10, S3|20, Room 111

Abstract:

The protection of communication networks against new and unexpected attacks remains a challenging task. Proactive solutions often fail if new attack strategies are used or undetected vulnerabilities are exploited by malware. But sophisticated malware needs to communicate to spread, to exfiltrate information or to establish Command & Control structures. This usually leaves traces in network traffic and helps to detect attacks or attack preparation activities. In order to prevent detection, attackers nowadays often use methods to hide and protect their communication. Besides traditional encryption, authentication and obfuscation methods, malware can also use network steganography, such as covert channels or subliminal channels, to hide information in TCP/IP headers, packet timing or digital signatures to even conceal the existence of a communication channel.

In this talk I will give an overview of methods to establish covert channels in TCP/IP communication and show how subliminal channels can be established in digital signatures, even in new high-speed signatures such as EdDSA. I will show some approaches for the detection of covert and subliminal channels, but will also point out the big challenges in preventing and detecting hidden malware communication. As an application example, I will describe a practical experiment that we performed to insert subliminal information in the digital signatures of the Bitcoin blockchain. I will then show how this method can be exploited to establish a Command & Control infrastructure for a large botnet.

Bio:

Prof. Dr.-Ing. Tanja Zseby is a full professor of communication networks and head of the Institute of Telecommunications at the Faculty of Electrical Engineering and Information Technology at TU Wien. She received her diploma degree (Dipl.-Ing.) in electrical engineering and her doctoral degree (Dr.-Ing.) from TU Berlin, Germany. Before joining TU Wien, she led the Competence Center for Network Research at the Fraunhofer Institute for Open Communication Systems (FOKUS) in Berlin and worked as a visiting scientist at the University of California, San Diego. Her research focus is network security, anomaly detection and secure smart grid communication.