Date of Award

9-10-2010

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Barry E. Mullins, PhD

Abstract

As malware has evolved over the years, it has gone from harmless programs that copy themselves into other executables to modern day botnets that perform bank fraud and identity theft. Modern malware often has a need to communicate back to the author, or other machines that are also infected. Several techniques for transmitting this data covertly have been developed over the years which vary significantly in their level of sophistication. This research creates a new covert channel technique for stealing information from a network by piggybacking on user-generated network traffic. Specifically, steganography drop boxes and passive covert channels are merged to create a novel covert data exfiltration technique. This technique revolves around altering user supplied data being uploaded to online repositories such as image hosting websites. It specifically targets devices that are often used to generate and upload content to the Internet, such as smartphones. The reliability of this technique is tested by creating a simulated version of Flickr as well as simulating how smartphone users interact with the service. Two different algorithms for recovering the exfiltrated data are compared. The results show a clear improvement for algorithms that are user-aware. The results continue on to compare performance for varying rates of infection of mobile devices and show that performance is proportional to the infection rate.

AFIT Designator

AFIT-GCO-ENG-10-16

DTIC Accession Number

ADA529357

Download

Share

COinS