Data Exfiltration via Flow Hijacking at the Socket Layer Bergen, Eric Lukaszewski, Daniel Xie, Geoffrey 2022-12-27T19:22:56Z 2022-12-27T19:22:56Z 2023-01-03
dc.description.abstract The severity of data exfiltration attacks is well known, and operators have begun deploying elaborate host and network security controls to counter this threat. Consequently, malicious actors spare no efforts finding methods to obfuscate their attacks within common network traffic. In this paper, we expose a new type of application transparent, kernel level data exfiltration attacks. By embedding data into application messages while they are held in socket buffers outside of applications, the attacks have the flexibility to hijack flows of multiple distinct applications at a time. Furthermore, we assess the practical implications of the attacks using a testbed emulating a typical data exfiltration scenario. We first prototype required attack functionalities with existing Layer 4.5 application message customization software, and then perform flow hijacking experiments with respect to six common application protocols. The results confirm the flexibility of socket layer attacks and their ability to evade typical security controls.
dc.format.extent 10
dc.identifier.doi 10.24251/HICSS.2023.801
dc.identifier.isbn 978-0-9981331-6-4
dc.language.iso eng
dc.relation.ispartof Proceedings of the 56th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.subject Cyber Operations, Defense, and Forensics
dc.subject exfiltration
dc.subject network security
dc.subject protocol customization
dc.title Data Exfiltration via Flow Hijacking at the Socket Layer
dc.type.dcmi text
prism.startingpage 6623
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
568.94 KB
Adobe Portable Document Format