Active traffic analysis attacks and countermeasures

Author

Fu, Xinwen ; Graham, Bryan ; Bettati, Riccardo ; Zhao, Wei

Author_Institution

Dept. of Comput. Sci., Texas A&M Univ., College Station, TX, USA

fYear

2003

fDate

20-23 Oct. 2003

Firstpage

31

Lastpage

39

Abstract

To explore mission-critical information, an adversary using active traffic analysis attacks injects probing traffic into the victim network and analyzes the status of underlying payload traffic. Active traffic analysis attacks are easy to deploy and hence become a serious threat to mission critical applications. This paper suggests statistical pattern recognition as a fundamental technology to evaluate effectiveness of active traffic analysis attacks and corresponding countermeasures. Our evaluation shows that sample entropy of ping packets´ round trip time is an effective feature statistic to discover the payload traffic rate. We propose simple countermeasures that can significantly reduce the effectiveness of ping-based active traffic analysis attacks. Our experiments validate the effectiveness of this scheme, which can also be used in other scenarios.

Keywords

Internet; computer networks; statistical analysis; telecommunication security; telecommunication traffic; Internet; active traffic analysis; attack analysis; countermeasures; mission-critical information; network security; payload traffic; statistical pattern recognition; Entropy; Information analysis; Information security; Internet; Mission critical systems; Pattern analysis; Payloads; Statistical analysis; Telecommunication traffic; Wire;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Networks and Mobile Computing, 2003. ICCNMC 2003. 2003 International Conference on

Print_ISBN

0-7695-2033-2

Type

conf

DOI

10.1109/ICCNMC.2003.1243024

Filename

1243024