Title: VANISH: a variable advanced network IRC stealth handling system

Authors: Wayne C. Henry; Barry E. Mullins

Addresses: United States Air Force, 1407 Maryland Ave, Severn MD 21144, USA; Department of Electrical and Computer Engineering, Air Force Institute of Technology, 2950 Hobson Way, AFIT/ENG, Wright-Patterson AFB, OH 45433-7765, USA

Abstract: Exploration of advanced information hiding techniques is important to defeat illicit file extractions over networks. We introduce a framework for information hiding techniques for use over IRC, called VANISH (Variable Advanced Network IRC Stealth Handling System). Three methods for concealing information are developed under this framework to suit an attacker's needs: maximise channel capacity, minimise shape-based detectability, or provide a baseline for comparison using established techniques applied to IRC. Effectiveness of these scenarios is empirically tested using public IRC servers in Chicago, Illinois and Amsterdam, Netherlands. The Throughput method exfiltrates covert data at nearly 800 bits per second (bps) compared to 18 bps with the Baseline method and 0.13 bps for the Stealth method. The Stealth method uses Reed-Solomon forward error correction to reduce bit errors from 3.1% to nearly 0% with minimal additional overhead. The Stealth method also successfully evades shape-based detection tests but is vulnerable to regularity-based tests.

Keywords: network timing channels; steganography; evasion; IRC; internet relay chat; covert channel detection; stealth handling systems; information hiding; shape-based detection; regularity-based tests; network security.

DOI: 10.1504/IJSN.2014.060741

International Journal of Security and Networks, 2014 Vol.9 No.2, pp.114-123

Received: 25 May 2013
Accepted: 02 Oct 2013

Published online: 30 Apr 2015
