45,011 research outputs found
Your Smart Home Can't Keep a Secret: Towards Automated Fingerprinting of IoT Traffic with Neural Networks
The IoT (Internet of Things) technology has been widely adopted in recent
years and has profoundly changed the people's daily lives. However, in the
meantime, such a fast-growing technology has also introduced new privacy
issues, which need to be better understood and measured. In this work, we look
into how private information can be leaked from network traffic generated in
the smart home network. Although researchers have proposed techniques to infer
IoT device types or user behaviors under clean experiment setup, the
effectiveness of such approaches become questionable in the complex but
realistic network environment, where common techniques like Network Address and
Port Translation (NAPT) and Virtual Private Network (VPN) are enabled. Traffic
analysis using traditional methods (e.g., through classical machine-learning
models) is much less effective under those settings, as the features picked
manually are not distinctive any more. In this work, we propose a traffic
analysis framework based on sequence-learning techniques like LSTM and
leveraged the temporal relations between packets for the attack of device
identification. We evaluated it under different environment settings (e.g.,
pure-IoT and noisy environment with multiple non-IoT devices). The results
showed our framework was able to differentiate device types with a high
accuracy. This result suggests IoT network communications pose prominent
challenges to users' privacy, even when they are protected by encryption and
morphed by the network gateway. As such, new privacy protection methods on IoT
traffic need to be developed towards mitigating this new issue
Intrusion Detection in Mobile Ad Hoc Networks Using Classification Algorithms
In this paper we present the design and evaluation of intrusion detection
models for MANETs using supervised classification algorithms. Specifically, we
evaluate the performance of the MultiLayer Perceptron (MLP), the Linear
classifier, the Gaussian Mixture Model (GMM), the Naive Bayes classifier and
the Support Vector Machine (SVM). The performance of the classification
algorithms is evaluated under different traffic conditions and mobility
patterns for the Black Hole, Forging, Packet Dropping, and Flooding attacks.
The results indicate that Support Vector Machines exhibit high accuracy for
almost all simulated attacks and that Packet Dropping is the hardest attack to
detect.Comment: 12 pages, 7 figures, presented at MedHocNet 200
k-fingerprinting: a Robust Scalable Website Fingerprinting Technique
Website fingerprinting enables an attacker to infer which web page a client
is browsing through encrypted or anonymized network connections. We present a
new website fingerprinting technique based on random decision forests and
evaluate performance over standard web pages as well as Tor hidden services, on
a larger scale than previous works. Our technique, k-fingerprinting, performs
better than current state-of-the-art attacks even against website
fingerprinting defenses, and we show that it is possible to launch a website
fingerprinting attack in the face of a large amount of noisy data. We can
correctly determine which of 30 monitored hidden services a client is visiting
with 85% true positive rate (TPR), a false positive rate (FPR) as low as 0.02%,
from a world size of 100,000 unmonitored web pages. We further show that error
rates vary widely between web resources, and thus some patterns of use will be
predictably more vulnerable to attack than others.Comment: 17 page
Mockingbird: Defending Against Deep-Learning-Based Website Fingerprinting Attacks with Adversarial Traces
Website Fingerprinting (WF) is a type of traffic analysis attack that enables
a local passive eavesdropper to infer the victim's activity, even when the
traffic is protected by a VPN or an anonymity system like Tor. Leveraging a
deep-learning classifier, a WF attacker can gain over 98% accuracy on Tor
traffic. In this paper, we explore a novel defense, Mockingbird, based on the
idea of adversarial examples that have been shown to undermine machine-learning
classifiers in other domains. Since the attacker gets to design and train his
attack classifier based on the defense, we first demonstrate that at a
straightforward technique for generating adversarial-example based traces fails
to protect against an attacker using adversarial training for robust
classification. We then propose Mockingbird, a technique for generating traces
that resists adversarial training by moving randomly in the space of viable
traces and not following more predictable gradients. The technique drops the
accuracy of the state-of-the-art attack hardened with adversarial training from
98% to 42-58% while incurring only 58% bandwidth overhead. The attack accuracy
is generally lower than state-of-the-art defenses, and much lower when
considering Top-2 accuracy, while incurring lower bandwidth overheads.Comment: 18 pages, 13 figures and 8 Tables. Accepted in IEEE Transactions on
Information Forensics and Security (TIFS
No NAT'd User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone
It is generally recognized that the traffic generated by an individual
connected to a network acts as his biometric signature. Several tools exploit
this fact to fingerprint and monitor users. Often, though, these tools assume
to access the entire traffic, including IP addresses and payloads. This is not
feasible on the grounds that both performance and privacy would be negatively
affected. In reality, most ISPs convert user traffic into NetFlow records for a
concise representation that does not include, for instance, any payloads. More
importantly, large and distributed networks are usually NAT'd, thus a few IP
addresses may be associated to thousands of users. We devised a new
fingerprinting framework that overcomes these hurdles. Our system is able to
analyze a huge amount of network traffic represented as NetFlows, with the
intent to track people. It does so by accurately inferring when users are
connected to the network and which IP addresses they are using, even though
thousands of users are hidden behind NAT. Our prototype implementation was
deployed and tested within an existing large metropolitan WiFi network serving
about 200,000 users, with an average load of more than 1,000 users
simultaneously connected behind 2 NAT'd IP addresses only. Our solution turned
out to be very effective, with an accuracy greater than 90%. We also devised
new tools and refined existing ones that may be applied to other contexts
related to NetFlow analysis
- …