Data Exfiltration via Flow Hijacking at the Socket Layer

dc.contributor.author Bergen, Eric
dc.contributor.author Lukaszewski, Daniel
dc.contributor.author Xie, Geoffrey
dc.date.accessioned 2022-12-27T19:22:56Z
dc.date.available 2022-12-27T19:22:56Z
dc.date.issued 2023-01-03
dc.description.abstract The severity of data exfiltration attacks is well known, and operators have begun deploying elaborate host and network security controls to counter this threat. Consequently, malicious actors spare no efforts finding methods to obfuscate their attacks within common network traffic. In this paper, we expose a new type of application transparent, kernel level data exfiltration attacks. By embedding data into application messages while they are held in socket buffers outside of applications, the attacks have the flexibility to hijack flows of multiple distinct applications at a time. Furthermore, we assess the practical implications of the attacks using a testbed emulating a typical data exfiltration scenario. We first prototype required attack functionalities with existing Layer 4.5 application message customization software, and then perform flow hijacking experiments with respect to six common application protocols. The results confirm the flexibility of socket layer attacks and their ability to evade typical security controls.
dc.format.extent 10
dc.identifier.doi 10.24251/HICSS.2023.801
dc.identifier.isbn 978-0-9981331-6-4
dc.identifier.uri https://hdl.handle.net/10125/103435
dc.language.iso eng
dc.relation.ispartof Proceedings of the 56th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject Cyber Operations, Defense, and Forensics
dc.subject exfiltration
dc.subject network security
dc.subject protocol customization
dc.title Data Exfiltration via Flow Hijacking at the Socket Layer
dc.type.dcmi text
prism.startingpage 6623
Files
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
0645.pdf
Size:
568.94 KB
Format:
Adobe Portable Document Format
Description: