Unsupervised and nonparametric detection of information flows

The problem of detecting the presence of possibly bidirectional and time-varying information flows through two nodes in a network is considered. Only the transmission timing measurements are used in the detection. The proposed technique assumes no parametric flow model and requires no training data. The consistency of the detector is established for a class of non-homogeneous Poisson traffic. The proposed detector is tested in a simulation using LBL TCP traces (Paxson and Floyd, 1995 [24]) and an experiment involving MSN VoIP sessions.

[1] Yong Guan, et al. Detection of stepping stone attack under delay and chaff perturbations, 2006, 2006 IEEE International Performance Computing and Communications Conference.

[2] Peter Kruus, et al. In-Band Wormholes and Countermeasures in OLSR Networks, 2006, 2006 Securecomm and Workshops.

[3] Sushil Jajodia, et al. Tracking anonymous peer-to-peer VoIP calls on the internet, 2005, CCS '05.

[4] Xuxian Jiang, et al. A First Step towards Live Botmaster Traceback, 2008, RAID.

[5] Sergio Verdú, et al. Bits through queues, 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[6] Walter Willinger, et al. On the self-similar nature of Ethernet traffic, 1993, SIGCOMM '93.

[7] Sally Floyd, et al. Wide-area traffic: the failure of Poisson modeling, 1994.

[8] Nasir D. Memon, et al. Online Sketching of Network Flows for Real-Time Stepping-Stone Detection, 2009, 2009 Annual Computer Security Applications Conference.

[9] R. F., et al. Mathematical Statistics, 1944, Nature.

[10] Saurabh Bagchi, et al. TCP/IP Timing Channels: Theory to Implementation, 2009, IEEE INFOCOM 2009.

[11] Nikita Borisov, et al. RAINBOW: A Robust And Invisible Non-Blind Watermark for Network Flows, 2009, NDSS.

[12] Douglas S. Reeves, et al. Adaptive Watermarking against Deliberate Random Delay for Attack Attribution through Stepping Stones.

[13] Vern Paxson, et al. Multiscale Stepping-Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay, 2002, RAID.

[14] Douglas S. Reeves, et al. Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays, 2003, CCS '03.

[15] Desmond P. Taylor, et al. On the Self-Similar Nature of Ethernet Traffic (Extended Version), 2007.

[16] Lang Tong, et al. Detection of Information Flows, 2008, IEEE Transactions on Information Theory.

[17] Mudhakar Srivatsa, et al. International Conference on Security and Privacy in Communication Networks, 2015, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering.

[18] Todd P. Coleman, et al. Estimating the directed information to infer causal relationships in ensemble neural spike train recordings, 2010, Journal of Computational Neuroscience.

[19] Azer Bestavros, et al. Self-similarity in World Wide Web traffic: evidence and possible causes, 1996, SIGMETRICS '96.

[20] Zafer Sahinoglu, et al. On multimedia networks: self-similar traffic and network performance, 1999, IEEE Commun. Mag.

[21] Nasir D. Memon, et al. Efficient Detection of Delay-Constrained Relay Nodes, 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[22] Peng Ning, et al. Active timing-based correlation of perturbed traffic flows with chaff packets, 2005, 25th IEEE International Conference on Distributed Computing Systems Workshops.

[23] Nikita Borisov, et al. SWIRL: A Scalable Watermark to Detect Correlated Network Flows, 2011, NDSS.

[24] Dawn Xiaodong Song, et al. Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds, 2004, RAID.

[25] Tom Chothia, et al. A Survey of Anonymous Peer-to-Peer File-Sharing, 2005, EUC Workshops.

[26] Peng Ning, et al. Tracing Traffic through Intermediate Hosts that Repacketize Flows, 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[27] Jie Wu, et al. Survey on anonymous communications in computer networks, 2010, Comput. Commun.

[28] Douglas S. Reeves, et al. Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Flow Watermarking, 2011, IEEE Transactions on Dependable and Secure Computing.