Optimization of Warden Network Functions for Mitigating Network Covert Channels
Abstract
Network covert channels are increasingly deployed by threat actors to prevent detection and to make the attack chain more difficult to reverse engineer. However, the tight coupling between the mechanism used to conceal data within network traffic and the countermeasure makes it difficult to design general mitigation techniques, especially for large-scale scenarios. A promising approach is to pursue the automatization of security-oriented operations to take advantage of warden network functions, i.e., software processes able to process traffic and block/detect network covert channels. Therefore, this paper investigates how to deploy softwarized processes to mitigate the impact of covert channels. Specifically, it presents how to compute cost-optimal solutions by solving mixed-integer linear programs, or near-optimal solutions via a heuristic. The results demonstrate the effectiveness of our ideas when used on synthetic network graphs that model realistic network structures.
Type
Publication
Journal of Network and Systems Management