Report

Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Charles Wright, Scott Coull, Fabian Monrose Presented by Sruthi Vemulapalli Introduction • • • • • Network traffic analysis How to reduce the leak of data? Convex optimization Examples Traffic classification techniques VoIP language classifier Web page classifier • Statistical distribution in encrypted VoIP • Mimicry attack • Polymorphic blending technique • Other approaches Traffic Morphing • Goal: To provide users with an efficient method of preventing information leakage that induces less overhead. • Operation : – Selection of source processes – Selection of target processes – Morphing Matrix – Morphing algorithm – Data interception Morphing Matrix • Source process : X = [x1, x2, . . . , xn]T, xi is the probability of the ith largest packet size • Target process : Y = [y1, y2, . . . , yn]T • Morphing Matrix A = [aij], where Y=AX Operation • Packet received from source application • Altering of packets • Cumulative probability si=sum of the probabilities for all sizes <=si • Sampling Target size • Advantage : – Minimum overhead – Matrix generation performed offline Morphing via Convex Optimization • From A we have n2 unknowns • Y=AX representation • n equations from the matrix • Another n equations • Minimizing the cost function f0(A) • Solving convex optimization functions • Example Overall cost matrix A represented as: • Optimization problem in standard form Additional Morphing Constraints • Uses: Preserve the quality of the data Minimize number of packets produced • Adding equality constraints • Disadvantage : Overspecified equations with no valid solution • Multilevel programming • Example Comparison function: First Optimization Problem: • Second Optimization Problem Dealing with Large Sample Spaces • Problem with growth of constraints Complexity of finding morphing matrices when n is large becomes prohibitively high • Divide and Conquer strategy • Applying the strategy to X and Y vectors • Example (bigram distributions) Initial morphing matrix optimization: Submatrix optimization: Practical Considerations • Short Network Sessions • Variations in Source Distribution • Reducing Packet Sizes Evaluation • Encrypted Voice over IP • Whitebox vs Blackbox Morphing • Defeating the Original Classifier • Evaluating Indistinguishability • White box has the best accuracy over black box Web Page Identification • Defeating the Original Classifier Conclusion • Traffic morphing, chooses the best way to alter the feature(s) of a packet • Privacy and efficiency are balanced through the use of convex optimization techniques • Works in real-time • Reduces the accuracy of the VoIP and webpage classifier