Traffic Morphing: An Efficient DefenseAgainst Statistical Traffic Analysis

Charles Wright, Scott Coull, Fabian Monrose

Presented by Sruthi Vemulapalli

Introduction

• Network traffic analysis• How to reduce the leak of data?• Convex optimization• Examples• Traffic classification techniques

VoIP language classifier Web page classifier

• Statistical distribution in encrypted VoIP

• Mimicry attack

• Polymorphic blending technique

• Other approaches

Traffic Morphing

• Goal: To provide users with an efficient method of preventing information leakage that induces less overhead.

• Operation :– Selection of source processes– Selection of target processes– Morphing Matrix– Morphing algorithm– Data interception

Morphing Matrix

• Source process : X = [x1, x2, . . . , xn]T, xi is the probability

of the ith largest packet size• Target process :

Y = [y1, y2, . . . , yn]T• Morphing Matrix A = [aij], where Y=AX

Operation

• Packet received from source application• Altering of packets• Cumulative probability si=sum of the

probabilities for all sizes <=si• Sampling Target size• Advantage :– Minimum overhead– Matrix generation performed offline

Morphing via Convex Optimization

• From A we have n2 unknowns• Y=AX representation

• n equations from the matrix

• Another n equations

• Minimizing the cost function f0(A) • Solving convex optimization functions• Example

Overall cost matrix A represented as:

• Optimization problem in standard form

Additional Morphing Constraints

• Uses: Preserve the quality of the data Minimize number of packets produced

• Adding equality constraints• Disadvantage :

Overspecified equations with no valid solution

• Multilevel programming• Example

Comparison function:

First Optimization Problem:

• Second Optimization Problem

Dealing with Large Sample Spaces

• Problem with growth of constraints Complexity of finding morphing matrices

when n is large becomes prohibitively high

• Divide and Conquer strategy

• Applying the strategy to X and Y vectors

• Example (bigram distributions) Initial morphing matrix optimization:

Submatrix optimization:

Practical Considerations

• Short Network Sessions

• Variations in Source Distribution

• Reducing Packet Sizes

Evaluation

• Encrypted Voice over IP• Whitebox vs Blackbox Morphing

• Defeating the Original Classifier

• Evaluating Indistinguishability

• White box has the best accuracy over black box

Web Page Identification

• Defeating the Original Classifier

Conclusion

• Traffic morphing, chooses the best way to alter the feature(s) of a packet

• Privacy and efficiency are balanced through the use of convex optimization techniques

• Works in real-time• Reduces the accuracy of the VoIP and

webpage classifier

QUESTIONS????