{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T21:48:30Z","timestamp":1742939310394,"version":"3.40.3"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319942889"},{"type":"electronic","value":"9783319942896"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-94289-6_6","type":"book-chapter","created":{"date-parts":[[2018,6,18]],"date-time":"2018-06-18T11:30:15Z","timestamp":1529321415000},"page":"84-99","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Reflective Covert Channel Attack Anchored on Trusted Web Services"],"prefix":"10.1007","author":[{"given":"Feng","family":"Zhu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Youngtae","family":"Yun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jinpeng","family":"Wei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Brent Byunghoon","family":"Kang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yongzhi","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daehyeok","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peng","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"He","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ruchuan","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,6,19]]},"reference":[{"key":"6_CR1","unstructured":"Hutchins, E., Cloppert, M., Amin, R.: Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. In: Proceedings of the 6th International Conference on Information Warfare and Security 2011, pp. 113\u2013125. Academic Conferences Ltd., USA (2011)"},{"key":"6_CR2","unstructured":"Grand Theft Data: Data exfiltration study: actors, tactics, and detection (2015). https:\/\/www.mcafee.com\/us\/resources\/reports\/rp-data-exfiltration.pdf. Accessed 10 Apr 2018"},{"key":"6_CR3","unstructured":"Annarita, G., Vincent, H.B., George, V.C.: Data exfiltration and covert channels. In: Defense and Security Symposium, 17\u201321 April 2006, Orlando, Florida, USA (2006)"},{"key":"6_CR4","unstructured":"DNS attacks putting organizations at risk, survey finds (2014). https:\/\/www.scmagazine.com\/ddos-attacks-mask-crime\/article\/539683. Accessed 10 Apr 2018"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Bauer, M.: New covert channels in HTTP: adding unwitting web browsers to anonymity sets. In: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, pp. 72\u201378. ACM, New York (2003)","DOI":"10.1145\/1005140.1005152"},{"key":"6_CR6","unstructured":"Born, K.: Browser-based covert data exfiltration. In: 9th Annual Security Conference, Las Vegas, NV, USA (2010)"},{"key":"6_CR7","unstructured":"Born, K.: PSUDP: a passive approach to network-wide covert communication. In: Black Hat USA 2010, Las Vegas, NV, USA (2010)"},{"key":"6_CR8","unstructured":"Exploitation of Data Streams Authorized by a Network Access Control System for Arbitrary Data Transfers: Tunneling and Covert Channels over the HTTP Protocol. Technique report, Gray-World (2003). http:\/\/gray-world.net\/projects\/papers\/covert_paper.txt. Accessed 10 Apr 2018"},{"key":"6_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/978-3-642-39077-7_10","volume-title":"Privacy Enhancing Technologies","author":"D Fifield","year":"2013","unstructured":"Fifield, D., Nakibly, G., Boneh, D.: OSS: using online scanning services for censorship circumvention. In: De Cristofaro, E., Wright, M. (eds.) PETS 2013. LNCS, vol. 7981, pp. 185\u2013204. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39077-7_10"},{"key":"6_CR10","unstructured":"Application Layer Covert Channel Analysis and Detection. Technique report, Napier University Edinburgh (2006). http:\/\/billatnapier.com\/zk.pdf. Accessed 10 Apr 2018"},{"key":"6_CR11","unstructured":"Revelli, A., Leidecker, N.: Playing with Heyoka: spoofed tunnels, undetectable data exfiltration and more fun with DNS packets. In: Shakacon 2009, Honolulu, HI, USA (2009)"},{"key":"6_CR12","unstructured":"Van Horenbeeck, M.: Deception on the network: thinking differently about covert channels. In: Proceedings of the 7th Australian Information Warfare and Security Conference, pp. 174\u2013184. Edith Cowan University, Perth (2006)"},{"issue":"3","key":"6_CR13","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1109\/TDSC.2013.10","volume":"10","author":"K Xu","year":"2013","unstructured":"Xu, K., Butler, P., Saha, S., Yao, D.: DNS for massive-scale command and control. IEEE Trans. Dependable Secure Comput. 10(3), 143\u2013153 (2013)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"6_CR14","unstructured":"Borders, K., Prakash, A.: Towards quantification of network-based information leaks via HTTP. In: Proceedings of the Third USENIX Workshop on Hot Topics in Security (HotSEC 2008). USENIX Association, Berkeley (2008)"},{"key":"6_CR15","unstructured":"Born, K., Gustafson, D.: Detecting DNS tunnels using character frequency analysis. In: 9th Annual Security Conference, Las Vegas, NV, USA, 7\u20138 April 2010 (2010)"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Dietrich, C.J., Rossow, C., Freiling, F.C., Bos, H., van Steen, M., Pohlmann, N.: On botnets that use DNS for command and control. In: 7th European Conference on Computer Network Defense, Gothenburg, Sweden, 6\u20137 September 2011 (2011)","DOI":"10.1109\/EC2ND.2011.16"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Karasaridis, A., Meierhellstern, K.S., Hoeflin, D.A.: NIS04-2: detection of DNS anomalies using flow data analysis. In: IEEE GLOBECOM 2006 - Global Telecommunications Conference, pp. 1\u20136. IEEE, New York (2006)","DOI":"10.1109\/GLOCOM.2006.280"},{"key":"6_CR18","unstructured":"Paxson, V., Christodorescu, M., Javed, M., et al.: Practical comprehensive bounds on surreptitious communication over DNS. In: Proceedings of the 22nd USENIX Security Symposium, pp. 17\u201332. USENIX Association, Berkeley (2013)"},{"key":"6_CR19","doi-asserted-by":"publisher","first-page":"852","DOI":"10.1016\/j.procs.2013.05.109","volume":"17","author":"C Qi","year":"2013","unstructured":"Qi, C., Chen, X., Xu, C., Shi, J., Liu, P.: A bigram based real time DNS tunnel detection approach. Procedia Comput. Sci. 17, 852\u2013860 (2013)","journal-title":"Procedia Comput. Sci."},{"issue":"5","key":"6_CR20","first-page":"143","volume":"34","author":"S Zhang","year":"2013","unstructured":"Zhang, S., Zou, F., Wang, L., Cheng, M.: Detecting DNS-based covert channel on live traffic. J. Commun. 34(5), 143\u2013151 (2013)","journal-title":"J. Commun."},{"key":"6_CR21","unstructured":"Google Search by Image. http:\/\/www.google.com\/searchbyimage. Accessed 10 Apr 2018"},{"key":"6_CR22","unstructured":"DNS Nslookup online. http:\/\/network-tools.com\/nslook. Accessed 10 Apr 2018"},{"key":"6_CR23","unstructured":"Dr. Web Online scanner. http:\/\/vms.drweb.com\/online. Accessed 10 Apr 2018"},{"key":"6_CR24","unstructured":"DNSCat. https:\/\/wiki.skullsecurity.org\/Dnscat. Accessed 10 Apr 2018"},{"key":"6_CR25","unstructured":"DNS Dig online. http:\/\/dig-nslookup.nmonitoring.com\/dns-dig-nslookup.html. Accessed 10 Apr 2018"},{"key":"6_CR26","unstructured":"DNS MX record online. http:\/\/www.nmonitoring.com\/show-mx-record.html. Accessed 10 Apr 2018"},{"key":"6_CR27","unstructured":"Whois Online. http:\/\/whois.nmonitoring.com. Accessed 10 Apr 2018"},{"key":"6_CR28","unstructured":"PDFMyURL. http:\/\/pdfmyurl.com. Accessed 10 Apr 2018"},{"key":"6_CR29","unstructured":"vURL Online. http:\/\/vurldissect.co.uk. Accessed 10 Apr 2018"},{"key":"6_CR30","unstructured":"IE Netrenderer. http:\/\/netrenderer.com. Accessed 10 Apr 2018"},{"key":"6_CR31","unstructured":"VirusTotal. https:\/\/www.virustotal.com. Accessed 10 Apr 2018"},{"key":"6_CR32","unstructured":"Avira\u2019s Virus Scanner. https:\/\/analysis.avira.com. Accessed 10 Apr 2018"},{"key":"6_CR33","unstructured":"Google Translate. http:\/\/translate.google.com. Accessed 10 Apr 2018"},{"key":"6_CR34","unstructured":"Bing Translator. https:\/\/www.bing.com\/translator. Accessed 10 Apr 2018"},{"key":"6_CR35","unstructured":"Baidu Translate. http:\/\/fanyi.baidu.com. Accessed 10 Apr 2018"},{"key":"6_CR36","unstructured":"Web Page Analyzer. http:\/\/www.websiteoptimization.com\/services\/analyze. Accessed 10 Apr 2018"},{"key":"6_CR37","unstructured":"Pingdom Website Speed Test. https:\/\/tools.pingdom.com. Accessed 10 Apr 2018"},{"key":"6_CR38","unstructured":"PPMD compressor. http:\/\/www.compression.ru\/ds. Accessed 10 Apr 2018"},{"key":"6_CR39","unstructured":"Exploitation of Data Streams Authorized by a Network Access Control System for Arbitrary Data Transfers: Tunneling and Covert Channels over the HTTP Protocol. Technique report, Gray-World. http:\/\/gray-world.net\/projects\/papers\/covert_paper.txt. Accessed 10 Apr 2018"},{"key":"6_CR40","unstructured":"Application Layer Covert Channel Analysis and Detection. Technique report, Napier University Edinburgh. http:\/\/billatnapier.com\/zk.pdf. Accessed 10 Apr 2018"},{"key":"6_CR41","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31, 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"key":"6_CR42","unstructured":"Roesch, M.: SNORT: lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on Systems Administration, pp. 229\u2013238. USENIX Association, Berkeley (1999)"},{"issue":"2","key":"6_CR43","first-page":"23","volume":"36","author":"L Bernaille","year":"2006","unstructured":"Bernaille, L., Teixeira, R., Akodkenou, I., et al.: Traffic classification on the fly. ACM Spec. Interest Group Data Commun. 36(2), 23\u201326 (2006)","journal-title":"ACM Spec. Interest Group Data Commun."},{"key":"6_CR44","doi-asserted-by":"crossref","unstructured":"Crotti, M., Dusi, M., Gringoli, F., Salgarelli, L.: Detecting HTTP tunnels with statistical mechanisms. In: Proceedings of the 42th IEEE International Conference on Communications, pp. 6162\u20136168. IEEE, New York (2007)","DOI":"10.1109\/ICC.2007.1020"}],"container-title":["Lecture Notes in Computer Science","Web Services \u2013 ICWS 2018"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-94289-6_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,12]],"date-time":"2024-03-12T11:32:46Z","timestamp":1710243166000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-94289-6_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319942889","9783319942896"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-94289-6_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"19 June 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICWS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Web Services","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Seattle, WA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 June 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 June 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icws2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/icws.org\/2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"www.confhub.com","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"116","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"31","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}