Network Traffic Obfuscation: An Adversarial Machine Learning Approach

An agent (D) aims to defend a network's traffic (T) from inference (classification) of the applications or protocols (P) traversing that network by an attacker (A). D aims to confuse A as to the nature of T by altering T to T’ so that A cannot easily ascertain the class of T’. If D is successful, A concludes that T’ belongs to a class Q different from the true class P. A variety of approaches to this general problem have been advanced in the primary literature; however, research shows that even if the data contents of T are altered (e.g., through encryption), the metadata aspects of T and T’ remain similar (e.g., similar packet statistics such as size and inter-arrival time). Inference of P is therefore still possible from observing the statistical properties of T’, so D must obfuscate these features as well. However, heavy-handed obfuscation could break the protocol or incur substantial overhead; hence minimal perturbations are desired. In this paper, we assume that A is able to observe statistical properties of T. We study the question: how can D optimally create T’ so that A infers T’ belongs to a class other than the true class P, with the additional constraint that T’ is close to T? Insights from the emerging area of adversarial machine learning (AML) provide unique perspectives in answering this question.
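The question posed above, worked through on a toy case as an added example (not code from the paper, whose method the abstract does not specify). Assumptions: A is a nearest-centroid classifier over two flow features, the sample flows and the `SCALE` normalisation are constructed, and `only_increase` models a defender that can add padding and delay but cannot shrink packets or speed them up.

```python
import math

# Constructed per-flow features: (mean packet size in bytes, mean inter-arrival time in ms).
FLOWS = {
    "P": [(1200, 8), (1150, 10), (1300, 9), (1250, 12)],  # true class of T
    "Q": [(400, 40), (350, 55), (500, 45), (450, 60)],    # class D wants A to infer
}
SCALE = (1500.0, 100.0)  # assumed normalisation: MTU-sized packet, 100 ms gap

def norm(x):
    return tuple(v / s for v, s in zip(x, SCALE))

def centroid(rows):
    pts = [norm(r) for r in rows]
    return tuple(sum(c) / len(pts) for c in zip(*pts))

MU = {k: centroid(v) for k, v in FLOWS.items()}
# Nearest-centroid attacker A reduces to a linear rule: score > 0 means "Q".
W = tuple(q - p for p, q in zip(MU["P"], MU["Q"]))
B = (sum(p * p for p in MU["P"]) - sum(q * q for q in MU["Q"])) / 2

def score(x):
    return sum(w * v for w, v in zip(W, norm(x))) + B

def classify(x):
    return "Q" if score(x) > 0 else "P"

def cost(x, y):
    """Distance between T and T' in normalised feature units (the overhead proxy)."""
    return math.dist(norm(x), norm(y))

def obfuscate(x, margin=0.05, only_increase=True):
    """Smallest L2 change to the features of T that makes A output Q for T'."""
    s = score(x)
    if s > 0:
        return x  # A already infers Q; no perturbation needed
    # A negative weight means the feature would have to decrease; drop it if not allowed.
    w = tuple(max(wi, 0.0) if only_increase else wi for wi in W)
    n2 = sum(wi * wi for wi in w)
    if n2 == 0:
        raise ValueError("no allowed direction crosses the decision boundary")
    step = (margin - s) / n2  # projection onto the hyperplane score == margin
    return tuple(v + step * wi * sc for v, wi, sc in zip(x, w, SCALE))
```

For the constructed flow `(1200, 10)`, the unconstrained solution shrinks packets and adds delay, while the padding/delay-only solution leaves packet size alone and pays a larger `cost` in added delay, which is the overhead trade-off the abstract describes.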
