Near-Source Attack for Isolated Networks with Covert Channel Transmission
Authors: Zhiqiang Ruan, Yuchen Yang, Lejia Chen
DOI: 10.1109/CSCloud-EdgeCom58631.2023.00019 (https://doi.org/10.1109/CSCloud-EdgeCom58631.2023.00019)
Journal: Journal of Cloud Computing-Advances Systems and Applications, volume 1068 1, pages 59-64
Publication date: 2023-07-01
Publication type: Journal Article
Impact factor: 3.7; JCR: Q2 (Computer Science, Information Systems); Region 3 (Computer Science)
Open access: no; citation count: 0; source platform: Semanticscholar
This paper investigates a new attack method called "near-source attack". It leverages the broadcast frames of the 802.11 protocol to establish a hidden tunnel and bypass physically isolated or air-gapped networks. We first analyze and implement a common technology known as Ghost Tunnel, which allows the attacker to control the target host and transmit information without being detected. However, this method suffers from frame loss, repeated frames, and attack transparency. We then propose an improved solution that delivers malicious programs to the target host using a modified BadUSB hardware device. Once the attackers successfully get into the isolated network, they can bypass security protection devices and exploit vulnerabilities in communication protocols, so that they can remotely control target devices and transmit data covertly. We further conducted experiments to verify the feasibility and effectiveness of this attack scheme. The results indicate that the attack logic is capable of inducing the target host to engage in covert communication. Finally, we give some defense measures for such attacks.
About the journal:
The Journal of Cloud Computing: Advances, Systems and Applications (JoCCASA) will publish research articles on all aspects of Cloud Computing. Principally, articles will address topics that are core to Cloud Computing, focusing on the Cloud applications, the Cloud systems, and the advances that will lead to the Clouds of the future. Comprehensive review and survey articles that offer up new insights, and lay the foundations for further exploratory and experimental work, are also relevant.