2 research outputs found
Recommended from our members
Design and Implementation of Algorithms for Traffic Classification
Traffic analysis is the practice of using inherent characteristics of a network flow such as timings, sizes, and orderings of the packets to derive sensitive information about it. Traffic analysis techniques are used because of the extensive adoption of encryption and content-obfuscation mechanisms, making it impossible to infer any information about the flows by analyzing their content. In this thesis, we use traffic analysis to infer sensitive information for different objectives and different applications. Specifically, we investigate various applications: p2p cryptocurrencies, flow correlation, and messaging applications. Our goal is to tailor specific traffic analysis algorithms that best capture network traffic’s intrinsic characteristics in those applications for each of these applications. Also, the objective of traffic analysis is different for each of these applications. Specifically, in Bitcoin, our goal is to evaluate Bitcoin traffic’s resilience to blocking by powerful entities such as governments and ISPs. Bitcoin and similar cryptocurrencies play an important role in electronic commerce and other trust-based distributed systems because of their significant advantage over traditional currencies, including open access to global e-commerce. Therefore, it is essential to
the consumers and the industry to have reliable access to their Bitcoin assets. We also examine stepping stone attacks for flow correlation. A stepping stone is a host that an attacker uses to relay her traffic to hide her identity. We introduce two fingerprinting systems, TagIt and FINN. TagIt embeds a secret fingerprint into the flows by moving the packets to specific time intervals. However, FINN utilizes DNNs to embed the fingerprint by changing the inter-packet delays (IPDs) in the flow. In messaging applications, we analyze the WhatsApp messaging service to determine if traffic leaks any sensitive information such as members’ identity in a particular conversation to the adversaries who watch their encrypted traffic. These messaging applications’ privacy is essential because these services provide an environment to dis- cuss politically sensitive subjects, making them a target to government surveillance and censorship in totalitarian countries. We take two technical approaches to design our traffic analysis techniques. The increasing use of DNN-based classifiers inspires our first direction: we train DNN classifiers to perform some specific traffic analysis task. Our second approach is to inspect and model the shape of traffic in the target application and design a statistical classifier for the expected shape of traffic. DNN- based methods are useful when the network is complex, and the traffic’s underlying noise is not linear. Also, these models do not need a meticulous analysis to extract the features. However, deep learning techniques need a vast amount of training data to work well. Therefore, they are not beneficial when there is insufficient data avail- able to train a generalized model. On the other hand, statistical methods have the advantage that they do not have training overhead
Metodologias para caracterização de tráfego em redes de comunicações
Tese de doutoramento em Metodologias para caracterização de tráfego em redes de comunicaçõesInternet Tra c, Internet Applications, Internet Attacks, Tra c Pro ling,
Multi-Scale Analysis
abstract Nowadays, the Internet can be seen as an ever-changing platform where new
and di erent types of services and applications are constantly emerging. In
fact, many of the existing dominant applications, such as social networks,
have appeared recently, being rapidly adopted by the user community. All
these new applications required the implementation of novel communication
protocols that present di erent network requirements, according to the service
they deploy. All this diversity and novelty has lead to an increasing need
of accurately pro ling Internet users, by mapping their tra c to the originating
application, in order to improve many network management tasks such
as resources optimization, network performance, service personalization and
security. However, accurately mapping tra c to its originating application
is a di cult task due to the inherent complexity of existing network protocols
and to several restrictions that prevent the analysis of the contents of
the generated tra c. In fact, many technologies, such as tra c encryption,
are widely deployed to assure and protect the con dentiality and integrity
of communications over the Internet. On the other hand, many legal constraints
also forbid the analysis of the clients' tra c in order to protect
their con dentiality and privacy. Consequently, novel tra c discrimination
methodologies are necessary for an accurate tra c classi cation and user
pro ling. This thesis proposes several identi cation methodologies for an
accurate Internet tra c pro ling while coping with the di erent mentioned
restrictions and with the existing encryption techniques. By analyzing the
several frequency components present in the captured tra c and inferring
the presence of the di erent network and user related events, the proposed
approaches are able to create a pro le for each one of the analyzed Internet
applications. The use of several probabilistic models will allow the accurate
association of the analyzed tra c to the corresponding application. Several
enhancements will also be proposed in order to allow the identi cation of
hidden illicit patterns and the real-time classi cation of captured tra c.
In addition, a new network management paradigm for wired and wireless
networks will be proposed. The analysis of the layer 2 tra c metrics and
the di erent frequency components that are present in the captured tra c
allows an e cient user pro ling in terms of the used web-application. Finally,
some usage scenarios for these methodologies will be presented and
discussed