IEEE Access (Jan 2021)
Information Hiding Using Minification
Abstract
Information hiding techniques have been recently getting increased attention from the security community. This is because attackers often apply a variety of data hiding methods to exfiltrate confidential information, enable covert transfers between the compromised victim’s machine and an attacker-operated infrastructure, or stealthily transmit additional malicious tools. Furthermore, such data concealment can be realized using different types of carriers, for instance, digital images, video, audio, text, or network traffic. Therefore, by carefully inspecting various data hiding methods, it is possible to assess the implications that such threats cause and to evaluate the preparedness of the existing defensive solutions. Minification is a popular mean for source code size reduction while preserving its complete functionality. In effect, the data transfer can be realized in a more efficient manner. Considering the above, in this paper, we systematically evaluate if the minification process can be effectively used for secret data transfer. The performed extensive experimental evaluation and obtained results indicate that the threat is real, thus countermeasures need to be adjusted accordingly.
Keywords
