15.05.2017

Kolloq. Prof. Dr. Tanja Zseby, topic: Stealthy Communication Methods: Generation and Detection of Covert Channels in TCP/IP Traffic

Monday, 15th of May 2017, 2:00 pm FMI 03.07.023 (MI-Building, Campus Garching), talk will be held in English

Abstract

Covert channels conceal the information transfer between communication partners by hiding it in an existing unsuspicious data exchange. In TCP/IP traffic there are many possibilities to hide information in header fields or packet timing. Such techniques can be used by sophisticated malware for clandestine data exfiltration or to establish hidden command and control structures. The detection of covert communication is very challenging if the hidden data replicates statistical properties of classical TCP/IP communication.

In this talk a set of methods, the DAT (Descriptive Analytics of Traffic) detectors, for detecting covert channels in TCP/IP traffic are introduced. The detectors are based on lightweight statistical analysis methods and provide a collection of technique to assess the probability of covert communication in a given traffic trace. The DAT detectors are also used in the TU Wien network steganography lab as part of the Network Security Advanced class. The lab material (exercises, data, grading) is made available to other lecturers in the area of network security and data analysis.

Bio

Tanja Zseby is a full professor of communication networks and head of the Institute of Telecommunications at the Faculty of Electrical Engineering and Information Technology at TU Wien. She received her diploma degree (Dipl.-Ing.) in electrical engineering and her doctoral degree (Dr.-Ing.) from TU Berlin, Germany. Before joining TU Wien, she lediglich the Competence Center for Network Research at the Fraunhofer Institute for Open Communication Systems (FOKUS) in Berlin and worked as visiting scientist at the University of California, San Diego. Her research focus is network security, anomaly detection and secure smart grid communication.

Contact

Prof. Dr.-Ing. Georg Carle
phone: +49 89 289 18030
email: carlenet.in.tum.de