### ppt

```Traffic Morphing: An Efficient Defense
Against Statistical Traffic Analysis
Charles Wright, Scott Coull, Fabian Monrose
Presented by
Sruthi Vemulapalli
Introduction
•
•
•
•
•
Network traffic analysis
How to reduce the leak of data?
Convex optimization
Examples
Traffic classification techniques
 VoIP language classifier
 Web page classifier
• Statistical distribution in encrypted VoIP
• Mimicry attack
• Polymorphic blending technique
• Other approaches
Traffic Morphing
• Goal: To provide users with an efficient
method of preventing information leakage
• Operation :
– Selection of source processes
– Selection of target processes
– Morphing Matrix
– Morphing algorithm
– Data interception
Morphing Matrix
• Source process :
X = [x1, x2, . . . , xn]T, xi is the probability
of the ith largest packet size
• Target process :
Y = [y1, y2, . . . , yn]T
• Morphing Matrix
A = [aij], where Y=AX
Operation
• Packet received from source application
• Altering of packets
• Cumulative probability si=sum of the
probabilities for all sizes <=si
• Sampling Target size
– Matrix generation performed offline
Morphing via Convex Optimization
• From A we have n2 unknowns
• Y=AX representation
• n equations from the matrix
• Another n equations
• Minimizing the cost function f0(A)
• Solving convex optimization functions
• Example
Overall cost matrix A represented as:
• Optimization problem in standard form
• Uses:
 Preserve the quality of the data
 Minimize number of packets produced
Overspecified equations with no valid solution
• Multilevel programming
• Example
Comparison function:
First Optimization Problem:
• Second Optimization Problem
Dealing with Large Sample Spaces
• Problem with growth of constraints
Complexity of finding morphing matrices
when n is large becomes prohibitively high
• Divide and Conquer strategy
• Applying the strategy to X and Y vectors
• Example (bigram distributions)
Initial morphing matrix optimization:
Submatrix optimization:
Practical Considerations
• Short Network Sessions
• Variations in Source Distribution
• Reducing Packet Sizes
Evaluation
• Encrypted Voice over IP
• Whitebox vs Blackbox Morphing
• Defeating the Original Classifier
• Evaluating Indistinguishability
• White box has the best accuracy over black box
Web Page Identification
• Defeating the Original Classifier
Conclusion
• Traffic morphing, chooses the best way to
alter the feature(s) of a packet
• Privacy and efficiency are balanced through
the use of convex optimization techniques
• Works in real-time
• Reduces the accuracy of the VoIP and
webpage classifier
```