ABSTRACT
The digital transformation of many companies and government administrations, now accelerated by the pandemic, gives cybercriminals more opportunities to incorporate various types of information hiding techniques into malicious software and thereby perform different types of attacks. By leveraging data hiding methods, attackers can, e.g., exfiltrate confidential information, enable covert transfers between a compromised victim's machine and attacker-operated infrastructure, or stealthily transmit additional malicious tools. Furthermore, in the digital era, any type of digital channel can be exploited for data hiding, e.g., digital images, video or audio content, text, or network traffic. It is therefore of great importance to be acquainted with the different techniques that cybercriminals can utilize, in order to design and introduce effective countermeasures and to identify and eliminate these threats when they appear. Obfuscation is a popular technique in the software development domain that makes code illegible and protects the implemented algorithms and business logic from unauthorized disclosure. In this paper, we investigate whether code obfuscation can be abused for information hiding purposes. The core idea of the proposed information hiding method is to replace some of the randomly generated strings that are part of the introduced dead code with the encoded secret message. The experimental evaluation and the obtained results confirm that such a process can be easily adopted for data hiding, and thus countermeasures need to be adjusted accordingly.