Multi-Observer Privacy-Preserving Hidden Markov Models

Detection of malicious traffic and network health problems would be much easier if Internet Service Providers (ISPs) shared their data. Unfortunately, they are reluctant to share because doing so would either violate privacy legislation or expose business secrets. Secure distributed computation allows calculations to be made using private data and provides an ideal mechanism for ISPs to share their data. This paper presents such a method, allowing multiple parties to jointly infer a Hidden Markov Model (HMM) for network traffic, which can then be used to detect anomalies. We extend prior work on HMMs in network security to include observations from multiple ISPs and develop secure protocols to infer the model parameters without revealing the private data. We implemented a prototype of the protocols and have tested our implementation on simulated data of realistic network attack models. The experiments show that our protocols have small computation and communication overheads. The protocols therefore are suitable for adoption by ISPs.
