Characterizing and Classifying Card-Sharing Traffic through Wavelet Analysis

In recent years, interest in methods and techniques for circumventing digital video broadcasting security has been steadily increasing, and digital TV content providers are struggling to restrict usage to authorized users through complex conditional access systems. Currently, the most significant weakness is card sharing, which allows a subscriber to provide access to digital content to a group of users connected through an IP network. This is usually done with ad hoc customized devices. Detecting the presence of these illegal systems on the network by recognizing their traffic is an issue of primary importance. To avoid identification of such traffic, payload obfuscation strategies based on encryption are often used, which makes packet inspection techniques difficult to adopt. This paper presents some ideas about a possible strategy for binary classification and detection of card-sharing traffic based on the natural capability of wavelet analysis to decompose a traffic time series into several component series associated with particular time and frequency scales, thereby allowing its observation at different frequency component levels and with different resolutions. These ideas are a first step toward the implementation of a classification scheme that relies only on time regularities of the traffic and not on the packet content, which may be affected by protocol and payload obfuscation techniques.
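
As an added illustration (not code from the paper), the following Python example applies a Haar wavelet decomposition to two constructed packet-count series and compares how their energy is distributed across time scales, using timing only and no payload. The series, the 1-second bin size, the level cut-off and the threshold in looks_periodic are assumptions chosen for the example, and the Haar wavelet stands in for whichever wavelet the paper adopts.

```python
import math
import random

def haar_detail_energies(series):
    """Energy of the Haar detail coefficients at each level, fine to coarse."""
    approx = [float(v) for v in series]
    if len(approx) < 2 or len(approx) & (len(approx) - 1):
        raise ValueError("series length must be a power of two (>= 2)")
    energies = []
    while len(approx) > 1:
        pairs = list(zip(approx[0::2], approx[1::2]))
        detail = [(a - b) / math.sqrt(2) for a, b in pairs]
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
        energies.append(sum(d * d for d in detail))
    return energies

def coarse_energy_share(series, first_coarse_level):
    """Fraction of detail energy at levels >= first_coarse_level (1-based)."""
    energies = haar_detail_energies(series)
    total = sum(energies)
    if total == 0.0:
        return 0.0  # constant series: no variation at any scale
    return sum(energies[first_coarse_level - 1:]) / total

# Constructed sample input: packets per 1-second bin, 128 bins per flow.
# Assumption: a strictly regular flow sends one burst every 8 bins.
PERIODIC = [5, 0, 0, 0, 0, 0, 0, 0] * 16
# Assumption: an unstructured flow is modelled by seeded pseudo-random counts.
_rng = random.Random(2024)
IRREGULAR = [_rng.randint(0, 9) for _ in range(128)]

def looks_periodic(series, first_coarse_level=4, threshold=0.01):
    """Hypothetical decision rule for this example only: a flow that repeats
    every 8 bins has no detail energy at level 4 and coarser (16-bin scales up)."""
    return coarse_energy_share(series, first_coarse_level) < threshold

if __name__ == "__main__":
    for name, flow in (("periodic", PERIODIC), ("irregular", IRREGULAR)):
        profile = [round(e, 1) for e in haar_detail_energies(flow)]
        print(name, profile, "periodic" if looks_periodic(flow) else "not periodic")
```

The two flows have similar energy profiles at the three finest levels; they separate only at scales coarser than the burst period, which is the multi-resolution view the abstract relies on.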