A Reflective Covert Channel Attack Anchored on Trusted Web Services

Download PDF
Open Webpage

Feng Zhu, Youngtae Yun, Jinpeng Wei, Brent ByungHoon Kang, Yongzhi Wang, Daehyeok Kim, Peng Li, He Xu, Ruchuan Wang

Published: 01 Jan 2018, Last Modified: 15 Feb 2025ICWS 2018EveryoneRevisionsBibTeXCC BY-SA 4.0
Abstract: This paper introduces a novel attack that can covertly exfiltrate data from a compromised network to a blocked external endpoint, using public web services as the intermediaries and exploiting both HTTP requests and DNS queries. We first identify at least 16 public web services and 2 public HTTP proxies that can serve this purpose. Then we build a prototype attack using these public services and experimentally confirm its effectiveness, including an average data transfer rate of 361 bits per second. Finally, we present the design, implementation and evaluation of a proof-of-concept defense that uses information-theoretic entropy of the DNS queries to detect this novel attack.

OpenReview is a long-term project to advance science through improved peer review with legal nonprofit status. We gratefully acknowledge the support of the OpenReview Sponsors. © 2025 OpenReview