The Embedding Capacity of Information Flows Under Renewal Traffic
Given two independent point processes and a certain rule for matching points
between them, what is the fraction of matched points over infinitely long
streams? In many application contexts, e.g., secure networking, a meaningful
matching rule is that of a maximum causal delay, and the problem is related to
embedding a flow of packets in cover traffic such that no traffic analysis can
detect it. We study the best undetectable embedding policy and the
corresponding maximum flow rate (which we call the embedding capacity) under
the assumption that the cover traffic can be modeled as arbitrary renewal
processes. We find that computing the embedding capacity requires the inversion
of very structured linear systems that, for a broad range of renewal models
encountered in practice, admit a fully analytical expression in terms of the
renewal function of the processes. Our main theoretical contribution is a
simple closed form of this relationship. This result enables us to explore
properties of the embedding capacity, obtaining closed-form solutions for
selected distribution families and a suite of sufficient conditions on the
capacity ordering. We evaluate our solution on real network traces, which shows
a noticeable match for tight delay constraints. A gap between the predicted and
the actual embedding capacities appears for looser constraints, and further
investigation reveals that it is caused by inaccuracy of the renewal traffic
model rather than of the solution itself.
Comment: Submitted to IEEE Trans. on Information Theory on March 10, 201
DDoS Attacks with Randomized Traffic Innovation: Botnet Identification Challenges and Strategies
Distributed Denial-of-Service (DDoS) attacks are usually launched through the
botnet, an "army" of compromised nodes hidden in the network. Inferential
tools for DDoS mitigation should accordingly enable an early and reliable
discrimination of the normal users from the compromised ones. Unfortunately,
the recent emergence of attacks performed at the application layer has
multiplied the number of possibilities that a botnet can exploit to conceal its
malicious activities. New challenges arise, which cannot be addressed by simply
borrowing the tools that have been successfully applied so far to earlier DDoS
paradigms. In this work, we offer basically three contributions: we
introduce an abstract model for the aforementioned class of attacks, where the
botnet emulates normal traffic by continually learning admissible patterns from
the environment; we devise an inference algorithm that is shown to
provide a consistent (i.e., converging to the true solution as time progresses)
estimate of the botnet possibly hidden in the network; and we verify the
validity of the proposed inferential strategy over network traces.
Comment: Submitted for publicatio
Limits of Reliable Communication with Low Probability of Detection on AWGN Channels
We present a square root limit on the amount of information transmitted
reliably and with low probability of detection (LPD) over additive white
Gaussian noise (AWGN) channels. Specifically, if the transmitter has AWGN
channels to an intended receiver and a warden, both with non-zero noise power,
we prove that bits can be sent from the transmitter to the
receiver in channel uses while lower-bounding
for any , where and respectively denote the
warden's probabilities of a false alarm when the sender is not transmitting and
a missed detection when the sender is transmitting. Moreover, in most practical
scenarios, a lower bound on the noise power on the channel between the
transmitter and the warden is known and bits can be sent in
LPD channel uses. Conversely, attempting to transmit more than
bits either results in detection by the warden with probability one or a
non-zero probability of decoding error at the receiver as .
Comment: Major revision in v2. Context, esp. the relationship to steganography
updated. Also, added discussion on secret key length. Results are unchanged
from previous version. Minor revision in v3. Major revision in v4: clarified
derivations (adding appendix), also context, esp. relationship to previous
work in communication updated. Results are unchanged from previous revision