Preventing malicious communication using virtualization
Journal of Information Security and Applications (IF 3.8), Pub Date: 2021-06-15, DOI: 10.1016/j.jisa.2021.102871
Michael Kiperberg

Cyber-attacks vary greatly in their goals, methods, and complexity, but they all communicate with their operators. Existing methods that attempt to prevent unauthorized communication are either inadequate or are vulnerable to kernel-mode attacks. We demonstrate the viability of stealthy network transmission on various network interface cards, using only data-writes to physical pages. For some cards, a code-reuse attack is used to issue IO instructions. Finally, the paper describes a virtualization-based method that prevents unauthorized communication. The analysis of its impact on the network bandwidth and the overall system performance shows that the average performance degradation is 0.6% on an idle system and 1.7% with a 10 MB/s outgoing traffic. The bandwidth degrades by 15% on average.


Updated: 2021-06-15