CS16 - Countering Covert Tunneling: A Multi-Industry Study on Detecting DNS, ICMP, and TCP-Based Data Exfiltration

SCURS Disciplines

Computer Sciences

Document Type

General Poster

Invited Presentation Choice

Not Applicable

Abstract

Data exfiltration remains one of the most persistent threats to organizational security, as attackers increasingly leverage covert tunneling to bypass traditional defensive perimeters. This project investigates how unauthorized data transfers are masked within legitimate network traffic using protocols such as ICMP, two-way TCP handshakes, and DNS. By examining the unique vulnerabilities within the healthcare, finance, and government sectors, this research demonstrates how attackers exploit these trusted channels to extract sensitive information such as PII and confidential records. Using a methodology that combines threat modeling, virtual machine simulations of tunneling attacks, and defensive architecture design, the study shifts the focus from offensive malware development to robust, defensive cybersecurity strategies. The final analysis provides a comprehensive framework for detection and prevention, evaluating the effectiveness of Data Loss Prevention tools and Identity and Access Management in maintaining network integrity without disrupting legitimate traffic.

Keywords

Data Exfiltration, Covert Channels, Network Security, Defensive Cybersecurity Architecture, Healthcare Data Protection, Financial Cybersecurity, ICMP Tunneling, DNS Tunneling, TCP Handshake, Threat Modeling.

Start Date

10-4-2026 9:30 AM

Location

University Readiness Center Greatroom

End Date

10-4-2026 11:30 AM

This document is currently not available here.
