Data Exfiltration via Flow Hijacking at the Socket Layer

dc.contributor.authorBergen, Eric
dc.contributor.authorLukaszewski, Daniel
dc.contributor.authorXie, Geoffrey
dc.date.accessioned2022-12-27T19:22:56Z
dc.date.available2022-12-27T19:22:56Z
dc.date.issued2023-01-03
dc.description.abstractThe severity of data exfiltration attacks is well known, and operators have begun deploying elaborate host and network security controls to counter this threat. Consequently, malicious actors spare no efforts finding methods to obfuscate their attacks within common network traffic. In this paper, we expose a new type of application transparent, kernel level data exfiltration attacks. By embedding data into application messages while they are held in socket buffers outside of applications, the attacks have the flexibility to hijack flows of multiple distinct applications at a time. Furthermore, we assess the practical implications of the attacks using a testbed emulating a typical data exfiltration scenario. We first prototype required attack functionalities with existing Layer 4.5 application message customization software, and then perform flow hijacking experiments with respect to six common application protocols. The results confirm the flexibility of socket layer attacks and their ability to evade typical security controls.
dc.format.extent10
dc.identifier.doi10.24251/HICSS.2023.801
dc.identifier.isbn978-0-9981331-6-4
dc.identifier.other6152ffdb-6dd8-496e-98aa-5bbe3c17b2a5
dc.identifier.urihttps://hdl.handle.net/10125/103435
dc.language.isoeng
dc.relation.ispartofProceedings of the 56th Hawaii International Conference on System Sciences
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.urihttps://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subjectCyber Operations, Defense, and Forensics
dc.subjectexfiltration
dc.subjectnetwork security
dc.subjectprotocol customization
dc.titleData Exfiltration via Flow Hijacking at the Socket Layer
dc.type.dcmitext
prism.startingpage6623

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
0645.pdf
Size:
568.94 KB
Format:
Adobe Portable Document Format