Traffic Morphing: An Efficient Defense
Against Statistical Traffic Analysis
Charles Wright, Scott Coull, Fabian Monrose
Presented by
Sruthi Vemulapalli
Network traffic analysis
How to reduce the leak of data?
Convex optimization
Traffic classification techniques
 VoIP language classifier
 Web page classifier
• Statistical distribution in encrypted VoIP
• Mimicry attack
• Polymorphic blending technique
• Other approaches
Traffic Morphing
• Goal: To provide users with an efficient
method of preventing information leakage
that induces less overhead.
• Operation :
– Selection of source processes
– Selection of target processes
– Morphing Matrix
– Morphing algorithm
– Data interception
Morphing Matrix
• Source process :
X = [x1, x2, . . . , xn]T, xi is the probability
of the ith largest packet size
• Target process :
Y = [y1, y2, . . . , yn]T
• Morphing Matrix
A = [aij], where Y=AX
• Packet received from source application
• Altering of packets
• Cumulative probability si=sum of the
probabilities for all sizes <=si
• Sampling Target size
• Advantage :
– Minimum overhead
– Matrix generation performed offline
Morphing via Convex Optimization
• From A we have n2 unknowns
• Y=AX representation
• n equations from the matrix
• Another n equations
• Minimizing the cost function f0(A)
• Solving convex optimization functions
• Example
Overall cost matrix A represented as:
• Optimization problem in standard form
Additional Morphing Constraints
• Uses:
 Preserve the quality of the data
 Minimize number of packets produced
• Adding equality constraints
• Disadvantage :
Overspecified equations with no valid solution
• Multilevel programming
• Example
Comparison function:
First Optimization Problem:
• Second Optimization Problem
Dealing with Large Sample Spaces
• Problem with growth of constraints
Complexity of finding morphing matrices
when n is large becomes prohibitively high
• Divide and Conquer strategy
• Applying the strategy to X and Y vectors
• Example (bigram distributions)
Initial morphing matrix optimization:
Submatrix optimization:
Practical Considerations
• Short Network Sessions
• Variations in Source Distribution
• Reducing Packet Sizes
• Encrypted Voice over IP
• Whitebox vs Blackbox Morphing
• Defeating the Original Classifier
• Evaluating Indistinguishability
• White box has the best accuracy over black box
Web Page Identification
• Defeating the Original Classifier
• Traffic morphing, chooses the best way to
alter the feature(s) of a packet
• Privacy and efficiency are balanced through
the use of convex optimization techniques
• Works in real-time
• Reduces the accuracy of the VoIP and
webpage classifier

similar documents