
    TORKAMELEON. IMPROVING TOR’S CENSORSHIP RESISTANCE WITH K-ANONYMIZATION MEDIA MORPHING COVERT INPUT CHANNELS

    Anonymity networks such as Tor and other related tools are powerful means of increasing the anonymity and privacy of Internet users' communications. Tor is currently the most widely used solution by whistleblowers to disclose confidential information and denounce censorship measures, including violations of civil rights, freedom of expression, or guarantees of free access to information. However, recent research studies have shown that Tor is vulnerable to so-called powerful correlation attacks carried out by global adversaries or collaborative Internet censorship parties. In the Tor "arms race" scenario, we can see that as new censorship, surveillance, and deep correlation tools have been researched, new, improved solutions for preserving anonymity have also emerged. In recent research proposals, unobservable encapsulation of IP packets in covert media channels is one of the most promising defenses against such threat models. They leverage WebRTC-based covert channels as a robust and practical approach against powerful traffic correlation analysis. At the same time, these solutions are difficult to combat through the traffic-blocking measures commonly used by censorship authorities. In this dissertation, we propose TorKameleon, a censorship evasion solution designed to protect Tor users with increased censorship resistance against powerful traffic correlation attacks executed by global adversaries. The system is based on flexible K-anonymization input circuits that can support TLS tunneling and WebRTC-based covert channels before forwarding users' original input traffic to the Tor network. Our goal is to protect users from machine and deep learning correlation attacks between incoming user traffic and observed traffic at different Tor network relays, such as middle and egress relays. TorKameleon is the first system to implement a Tor pluggable transport based on parameterizable TLS tunneling and WebRTC-based covert channels. We have implemented the TorKameleon prototype and performed extensive validations to observe the correctness and experimental performance of the proposed solution in the Tor environment. With these evaluations, we analyze the necessary tradeoffs between the performance of the standard Tor network and the achieved effectiveness and performance of TorKameleon, capable of preserving the required unobservability properties.

    Anonymization networks such as Tor and similar solutions or tools are powerful means of increasing the anonymity and privacy of Internet users' communications. Tor is currently the anonymity network most used by whistleblowers to disclose confidential information and denounce censorship measures such as violations of civil rights and of freedom of expression, or failures in the guarantees of free access to information. However, recent studies show that Tor is vulnerable to global adversaries or to entities that collaborate with each other to enforce online censorship. In this competitive, cat-and-mouse scenario, it can be seen that as new censorship and surveillance solutions are investigated, new and improved systems for preserving anonymity are also presented and refined. The encapsulation of IP packets in tunnels carried within media protocols is one of the most promising solutions against the new models of attack on anonymity. These solutions leverage covert channels in WebRTC-based media protocols to resist powerful traffic correlation attacks and the blocking measures normally used by censors. In this dissertation we propose TorKameleon, a solution designed to protect users of the Tor network against the latest correlation attacks carried out under a global adversary model. The system is based on strategies for anonymizing and forwarding the user's traffic through K nodes, also using encapsulation of the traffic in covert channels within TLS or WebRTC tunnels. Our goal is to protect Tor network users from correlation attacks implemented through machine learning models built between the user's traffic entering the Tor network and that same traffic in another segment of the network, for example at the network's exit nodes. TorKameleon is the first system to implement a parameterizable Tor pluggable transport based on TLS tunnels or on covert channels in media protocols. We implemented a prototype of the system and carried out an extensive experimental evaluation, inserting the solution into the Tor network environment. Based on these evaluations, we analyze the necessary tradeoff between the performance of the Tor network and the effectiveness and performance obtained from TorKameleon, which guarantees the anonymity-preservation properties.

    Machine Learning based Anomaly Detection for Cybersecurity Monitoring of Critical Infrastructures

    Managing critical infrastructures requires increasing reliance on Information and Communication Technologies. The past few years have shown an incredible increase in the sophistication of attacks. For this reason, it is necessary to develop new algorithms for monitoring these infrastructures. In this scenario, Machine Learning can represent a very useful ally. After a brief introduction to the issue of cybersecurity in Industrial Control Systems and an overview of the state of the art regarding Machine Learning based cybersecurity monitoring, the present work proposes three approaches that target different layers of the control network architecture. The first one focuses on covert channels based on the DNS protocol, which can be used to establish a command and control channel, allowing attackers to send malicious commands. The second one focuses on the field layer of electrical power systems, proposing a physics-based anomaly detection algorithm for Distributed Energy Resources. The third one proposes a first attempt to integrate physical and cyber security systems, in order to face complex threats. All three approaches are supported by promising results, which give hope for practical applications in the near future.
    XXXIV Cycle - Sciences and Technologies for Electronic and Telecommunications Engineering - Electromagnetism, electronics, telecommunications
    Gaggero, GIOVANNI BATTIST

    Isolation of DDoS Attacks and Flash Events in Internet Traffic Using Deep Learning Techniques

    The adoption of network function visualization (NFV) and software-defined radio (SDN) has created a tremendous increase in Internet traffic due to the flexibility brought into the network layer. An increase in traffic flowing through the network poses a security threat that becomes tricky to detect and, hence, to select an appropriate mitigation strategy for. Under such a scenario, the occurrence of distributed denial of service (DDoS) attacks and flash events (FEs) affects the target servers and interrupts services. Isolating the attacks is the first step before selecting an appropriate mitigation technique. However, detecting and isolating DDoS attacks from FEs when they happen simultaneously is a challenge that has attracted the attention of many researchers. This study proposes a deep learning framework to detect FEs and DDoS attacks occurring simultaneously in the network and isolate one from the other. This step is crucial in designing appropriate mechanisms to enhance network resilience against such cyber threats. The experiments indicate that the proposed model possesses a high accuracy level in detecting and isolating DDoS attacks and FEs in networked systems.

    Will SDN be part of 5G?

    For many, this is no longer a valid question and the case is considered settled, with SDN/NFV (Software Defined Networking/Network Function Virtualization) providing the inevitable innovation enablers that solve many outstanding management issues regarding 5G. However, given the monumental task of softwarization of the radio access network (RAN) while 5G is just around the corner and some companies have already started unveiling their 5G equipment, the concern is very realistic that we may only see some point solutions involving SDN technology instead of a fully SDN-enabled RAN. This survey paper identifies all important obstacles in the way and looks at the state of the art of the relevant solutions. This survey is different from previous surveys on SDN-based RAN as it focuses on the salient problems and discusses solutions proposed within and outside the SDN literature. Our main focus is on fronthaul, backward compatibility, the supposedly disruptive nature of SDN deployment, business cases and monetization of SDN-related upgrades, latency of general purpose processors (GPP), and the additional security vulnerabilities that softwarization brings along to the RAN. We have also provided a summary of the architectural developments in the SDN-based RAN landscape, as not all work can be covered under the focused issues. This paper provides a comprehensive survey on the state of the art of SDN-based RAN and clearly points out the gaps in the technology.
    Comment: 33 pages, 10 figures

    Amoeba: Circumventing ML-supported Network Censorship via Adversarial Reinforcement Learning

    Embedding covert streams into a cover channel is a common approach to circumventing Internet censorship, due to censors' inability to examine encrypted information in otherwise permitted protocols (Skype, HTTPS, etc.). However, recent advances in machine learning (ML) enable detecting a range of anti-censorship systems by learning distinct statistical patterns hidden in traffic flows. Therefore, designing obfuscation solutions able to generate traffic that is statistically similar to innocuous network activity, in order to deceive ML-based classifiers at line speed, is difficult. In this paper, we formulate a practical adversarial attack strategy against flow classifiers as a method for circumventing censorship. Specifically, we cast the problem of finding adversarial flows that will be misclassified as a sequence generation task, which we solve with Amoeba, a novel reinforcement learning algorithm that we design. Amoeba works by interacting with censoring classifiers without any knowledge of their model structure, but by crafting packets and observing the classifiers' decisions, in order to guide the sequence generation process. Our experiments using data collected from two popular anti-censorship systems demonstrate that Amoeba can effectively shape adversarial flows that have on average a 94% attack success rate against a range of ML algorithms. In addition, we show that these adversarial flows are robust in different network environments and possess transferability across various ML models, meaning that once trained against one, our agent can subvert other censoring classifiers without retraining.

    Detection of encrypted traffic generated by peer-to-peer live streaming applications using deep packet inspection

    The number of applications using the peer-to-peer (P2P) networking paradigm and their popularity have substantially grown over the last decade. They evolved from file-sharing applications to media streaming ones. Nowadays these applications commonly encrypt the communication contents or employ protocol obfuscation techniques. In this dissertation, an investigation was conducted to identify encrypted traffic flows generated by three of the most popular P2P live streaming applications: TVUPlayer, Livestation and GoalBit. For this work, a test-bed that could simulate a near-real scenario was created, and traffic was captured from a great variety of applications. The proposed method resorts to Deep Packet Inspection (DPI), so we needed to analyse the payload of the packets in order to find repeated patterns, which were later used to create a set of SNORT rules that can be used to detect key network packets generated by these applications. The method was evaluated experimentally on the test-bed created for that purpose, showing that its accuracy is 97% for GoalBit.

    The popularity and the number of applications that use the peer-to-peer (P2P) networking paradigm have grown substantially over the last decade. These applications are no longer used simply for file sharing and are now also used to distribute multimedia content. Nowadays, these applications have means of encrypting the content of the communication or employ obfuscation techniques directly in the protocol. In this dissertation, an investigation was carried out to identify encrypted traffic flows generated by three popular applications for distributing multimedia content over P2P networks: TVUPlayer, Livestation and GoalBit. For this work, a test platform was created that was intended to simulate a near-real scenario, and the traffic that was captured contained a wide variety of applications. The method proposed in this dissertation resorts to the Deep Packet Inspection (DPI) technique, and therefore it was necessary to analyse the content of the packets in order to find recurring patterns, which would later be used to create a set of SNORT rules for detecting key packets on the network generated by these applications, so that traffic flows could be correctly classified. After discovering that the Livestation application had stopped working with P2P, only the two rules created up to that point were used. As for the TVUPlayer application, several rules were created from the traffic generated by it, and they had a good precision rate. Several rules were also created for the GoalBit application, for which four scenarios were used: with and without encryption using the tracker transmission option, and with and without encryption using the tracker-less transmission option (here the Kademlia protocol was used). The method was evaluated experimentally on the test platform created for that purpose, showing that the precision of the rule set for the GoalBit application is 97%.
    Fundação para a Ciência e a Tecnologia (FCT)