Bo-Chao Cheng (1), Guo-Tan Liao (1), Hsu-Chen Huang (1), and Ping-Hai Hsu (2)
(1) National Chung Cheng University, Chiayi, Taiwan
(2) Industrial Technology Research Institute, Hsinchu, Taiwan
Abstract The popularity of the Internet has increased the ease of online access to malicious software, and the amount of software designed to perform denial-of-service (DoS) attacks is incalculable. This enables hackers to use online resources to easily launch attacks, posing serious threats to network security. The ultimate solution to increasingly severe DoS attacks is to identify the sources of the attacks; this is known as an IP traceback or forensics. However, the Network Forensic Analysis Tool is limited by the storage space, which significantly reduces the effects of the traceback. We proposed a Cheetah mechanism to overcome the disadvantage of a significant data storage requirement. This involved using machine learning to filter irrelevant data, thereby retaining only the evidence related to DoS attacks to perform subsequent tracebacks. The experimental results confirmed that the proposed mechanism can reduce the quantity of data that requires storage and maintain a certain level of forensic accuracy.
Keywords Network security – Network forensics – IP traceback – Hidden naive Bayes (HNB)
Efficient searchable ID-based encryption with a designated server
Tsu-Yang Wu (1, 2), Tung-Tso Tsai (3), and Yuh-Min Tseng (3)
(1) Harbin Institute of Technology, Shenzhen, China
(2) Shenzhen Key Laboratory of Internet Information Collaboration, Shenzhen, China
(3) National Changhua University of Education, Taiwan, Republic of China
Abstract Public key encryption with keyword search (PEKS) is a mechanism that allows one to extract e-mails containing a particular keyword by providing a trapdoor corresponding to the keyword. Parties without the trapdoor are unable to learn any information about the extracted e-mails. Meanwhile, a PEKS scheme is also suitable for providing a secure storage system in a cloud computing environment. However, in a PEKS scheme, a secure channel must be established to transmit trapdoors. A PEKS scheme with a designated server, termed dPEKS, removes the requirement of the secure channel while retaining the same functionality as PEKS. To date, the related studies on dPEKS are all based on the pairing-based public key system. No work focuses on dPEKS based on ID-based systems, termed dIBEKS. In this article, we propose the first dIBEKS scheme that possesses the advantage (removing certificate management) of ID-based systems. Security analysis is given to demonstrate that our scheme is provably secure and can resist off-line keyword guessing attacks. When compared with previously proposed dPEKS schemes, our scheme has better performance in terms of computational time.
Keywords Searchable public key encryption – Designated server – Identity-based – Bilinear pairings
Syndrome trellis codes based on minimal span generator matrix
Weiwei Liu, Guangjie Liu and Yuewei Dai
Nanjing University of Science and Technology, China
Abstract To improve the embedding efficiency of steganography, syndrome coding based on coding theory has attracted the attention of many researchers. In this paper, we make use of the relationship between syndrome coding for minimizing additive distortion and maximum likelihood decoding for linear codes to analyze the main parameters of convolutional codes which influence the embedding efficiency. New syndrome trellis codes based on the minimal span generator matrix are proposed. They can be considered an alternative construction of the state-of-the-art syndrome trellis codes (STCs) proposed by Filler and Fridrich recently. Experimental results show that the proposed scheme has the same embedding performance as STCs while achieving reduced time complexity and storage requirements.
Keywords Syndrome coding – Syndrome trellis codes – Minimal span generator matrix
Hidden and under control – A survey and outlook on covert channel-internal control protocols
Steffen Wendzel (1) and Jörg Keller (2)
(1) Fraunhofer FKIE, Bonn, Germany
(2) FernUniversität in Hagen, Germany
Abstract Network covert channels are policy-breaking and stealthy communication channels in computer networks. These channels can be used to bypass Internet censorship, to exfiltrate data without raising attention, to allow a safe and stealthy communication for members of political oppositions and for spies, to hide the communication of military units at the battlefield from the enemy, and to provide stealthy communication for today’s malware, especially for botnets. To enhance network covert channels, researchers started to add protocol headers, so-called micro-protocols, to hidden payload in covert channels. Such protocol headers enable fundamental features such as reliability, dynamic routing, proxy capabilities, simultaneous connections, or session management for network covert channels—features which enrich future botnet communications to become more adaptive and more stealthy than nowadays. In this survey, we provide the first overview and categorization of existing micro-protocols. We compare micro-protocol features and present currently uncovered research directions for these protocols. Afterwards, we discuss the significance and the existing means for micro-protocol engineering. Based on our findings, we propose further research directions for micro-protocols. These features include introducing multi-layer protocol stacks, peer auto-configuration, and peer group communication based on micro-protocols, as well as developing protocol translation in order to achieve inter-connectivity for currently separated overlay networks.
Keywords Network covert channel – Covert channel-internal control protocols – Information hiding
Adaptive JPEG steganography with new distortion function
Fengyong Li, Xinpeng Zhang, Jiang Yu and Wenfeng Shen
Shanghai University, China
Abstract This paper presents an adaptive steganographic scheme in JPEG images by designing a novel distortion function. While some previous works employed distortion functions based on coefficient difference, we point out that data embedding on coefficients with larger absolute values may cause less steganalytic detectability. In the proposed scheme, the distortion function is derived from both the coefficient residual and coefficient value, which measures the risks of detection due to the modification of cover data. With an exhaustive searching method, the parameters of the proposed distortion function are optimized. Then, we may employ syndrome trellis coding to embed the secret data into JPEG images while keeping a low risk. This way, the modifications are forced into highly textured areas in JPEG images, and experimental results demonstrate that the steganographic security is improved by the designed distortion function.
Keywords Steganography – Distortion function – Steganalysis
Efficient wet paper embedding for steganography with multilayer construction
Xinpeng Zhang (1), Chuan Qin (2) and Liquan Shen (1)
(1) Shanghai University, China
(2) University of Shanghai for Science and Technology, China
Abstract This work proposes an efficient data hiding scheme for the wet paper channel by using a multilayer construction, in which a number of node-bits in different layers are derived from all cover bits and used to carry the secret data. By applying the wet paper coding method to the node-bits and altering the changeable cover bits, the node-bits are modified into their desired values and the secret data are embedded in a layer-by-layer manner. An equilibration mechanism is also introduced to flip the denser changeable cover bits with higher probability. This way, the paper folding method is equivalent to a special case of the proposed scheme, and a family of data hiding methods with more flexible relative payload and higher embedding efficiency can be generated.
Keywords Steganography – Wet paper channel – Embedding efficiency
Steganalysis of transcoding steganography
Artur Janicki, Wojciech Mazurczyk and Krzysztof Szczypiorski
(1) Warsaw University of Technology, Poland
Abstract Transcoding steganography (TranSteg) is a fairly new IP telephony steganographic method that functions by compressing overt (voice) data to make space for the steganogram by means of transcoding. It offers high steganographic bandwidth, retains good voice quality, and is generally harder to detect than other existing VoIP steganographic methods. In TranSteg, after the steganogram reaches the receiver, the hidden information is extracted, and the speech data is practically restored to what was originally sent. This is a huge advantage compared with other existing VoIP steganographic methods, where the hidden data can be extracted and removed, but the original data cannot be restored because it was previously erased due to a hidden data insertion process. In this paper, we address the issue of steganalysis of TranSteg. Various TranSteg scenarios and possibilities of warden(s) localization are analyzed with regard to TranSteg detection. A novel steganalysis method based on Gaussian mixture models and mel-frequency cepstral coefficients was developed and tested for various overt/covert codec pairs in a single warden scenario with double transcoding. The proposed method allowed for efficient detection of some codec pairs (e.g., G.711/G.729), while some others remained more resistant to detection (e.g., iLBC/AMR).
Keywords IP telephony – Network steganography – Steganalysis – MFCC parameters – Gaussian mixture models
Steganalysis of prediction mode modulated data-hiding algorithms in H.264/AVC video stream
Songbin Li (1), Haojiang Deng (2), Hui Tian (3), and Qiongxing Dai (1)
(1) Chinese Academy of Sciences, Haikou, China
(2) National Network New Media Engineering Research Center, Beijing, China
(3) National Huaqiao University, Xiamen, China
Abstract In the intra-frame coding of H.264/AVC, information hiding can be implemented by modulating the prediction modes of 4 × 4 luminance blocks. Because such methods have the characteristics of high speed, good concealment, and so on, they are very suitable for building covert communication systems based on video communications and bring a great public security threat. Therefore, it is important to study steganalysis methods for them. In this paper, we first analyzed the changes of remarkable characteristics in intra-frame coding caused by modulating intra-prediction modes for information hiding, and found that the inherent correlation among the prediction modes in different 4 × 4 luminance blocks belonging to an intra-frame coding macroblock was changed. According to several different positional relationships of the adjacent 4 × 4 blocks in the spatial domain, we designed statistical models corresponding to the prediction mode correlation to make quantitative extraction of these correlation characteristics. An information hiding detector was constructed based on the support vector machine. Based on the constructed detector, the experimental results show that the mean of the detection accuracy, recall ratio, and precision ratio are all excellent for different test video sequences.
Keywords H.264/AVC – Steganalysis – Intra-frame coding – Prediction mode correlation