Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis
Charles Wright, Scott Coull, Fabian Monrose
Presented by Sruthi Vemulapalli
Introduction
• Network traffic analysis
• How to reduce the leak of data?
• Convex optimization
• Examples
• Traffic classification techniques
– VoIP language classifier
– Web page classifier
• Statistical distribution in encrypted VoIP
• Mimicry attack
• Polymorphic blending technique
• Other approaches
Traffic Morphing
• Goal: To provide users with an efficient method of preventing information leakage that induces less overhead.
• Operation:
– Selection of source processes
– Selection of target processes
– Morphing matrix
– Morphing algorithm
– Data interception
Morphing Matrix
• Source process: X = [x1, x2, ..., xn]^T, where xi is the probability of the ith largest packet size
• Target process: Y = [y1, y2, ..., yn]^T
• Morphing matrix A = [aij], where Y = AX
Operation
• Packet received from source application
• Altering of packets
• Cumulative probability si = sum of the probabilities for all sizes <= si
• Sampling target size
• Advantage:
– Minimum overhead
– Matrix generation performed offline
Morphing via Convex Optimization
• From A we have n^2 unknowns
• Y = AX representation
• n equations from the matrix
• Another n equations
• Minimizing the cost function f0(A)
• Solving convex optimization functions
• Example
Overall cost matrix A represented as:
• Optimization problem in standard form
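The morphing matrix and the sampling step from the slides above, as an added Python example that is not from the paper or the presentation. It assumes the cost is the expected absolute change in packet size, and it builds A with a greedy monotone coupling in place of the convex-optimization solver; the sizes and distributions are constructed sample values.

```python
import bisect
import random
from itertools import accumulate

# Constructed sample data (not from the slides): sizes in bytes, largest first,
# with the source (X) and target (Y) packet-size distributions.
SIZES = [1500, 1024, 512, 64]
X = [0.125, 0.125, 0.25, 0.5]
Y = [0.5, 0.25, 0.125, 0.125]

def morphing_matrix(x, y):
    """Return column-stochastic A = [a_ij] with Y = AX (monotone coupling)."""
    n = len(x)
    joint = [[0.0] * n for _ in range(n)]  # joint[i][j] = P(target i, source j)
    x_left, y_left = list(x), list(y)      # probability mass not yet paired
    i = j = 0
    while i < n and j < n:
        mass = min(x_left[j], y_left[i])
        joint[i][j] += mass
        x_left[j] -= mass
        y_left[i] -= mass
        if x_left[j] <= 1e-12:
            j += 1                          # source size j fully assigned
        if y_left[i] <= 1e-12:
            i += 1                          # target size i fully assigned
    # a_ij = P(target i | source j); an unused source size maps to itself
    return [[joint[i][j] / x[j] if x[j] > 0 else float(i == j)
             for j in range(n)] for i in range(n)]

def morph(a, j, rng=random):
    """Pick the target size index for a packet whose size index is j."""
    cdf = list(accumulate(row[j] for row in a))  # cumulative column j
    return min(bisect.bisect_right(cdf, rng.random()), len(a) - 1)

def expected_cost(a, x, sizes):
    """Expected bytes changed per packet: sum_ij a_ij * x_j * |s_i - s_j|."""
    n = len(x)
    return sum(a[i][j] * x[j] * abs(sizes[i] - sizes[j])
               for i in range(n) for j in range(n))

def output_distribution(a, x):
    """Compute AX, which must equal the target Y."""
    return [sum(a_ij * x_j for a_ij, x_j in zip(row, x)) for row in a]

if __name__ == "__main__":
    A = morphing_matrix(X, Y)
    naive = [[y_i] * len(X) for y_i in Y]  # every column equals Y
    print(output_distribution(A, X), expected_cost(A, X, SIZES))
    print(expected_cost(naive, X, SIZES))
```

The naive matrix (every column equal to Y) also satisfies Y = AX but changes more bytes per packet on this sample, which is the overhead the cost function is there to reduce.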
Additional Morphing Constraints
• Uses:
– Preserve the quality of the data
– Minimize number of packets produced
• Adding equality constraints
• Disadvantage: overspecified equations with no valid solution
• Multilevel programming
• Example
Comparison function:
First Optimization Problem:
• Second Optimization Problem
Dealing with Large Sample Spaces
• Problem with growth of constraints
– Complexity of finding morphing matrices when n is large becomes prohibitively high
• Divide and Conquer strategy
• Applying the strategy to X and Y vectors
• Example (bigram distributions)
Initial morphing matrix optimization:
Submatrix optimization:
Practical Considerations
• Short Network Sessions
• Variations in Source Distribution
• Reducing Packet Sizes
Evaluation
• Encrypted Voice over IP
• Whitebox vs Blackbox Morphing
• Defeating the Original Classifier
• Evaluating Indistinguishability
• White box has the best accuracy over black box
Web Page Identification
• Defeating the Original Classifier
Conclusion
• Traffic morphing chooses the best way to alter the feature(s) of a packet
• Privacy and efficiency are balanced through the use of convex optimization techniques
• Works in real-time
• Reduces the accuracy of the VoIP and webpage classifier
QUESTIONS????