Detection of Information Flows

The detection of information flows by timing analysis is considered. Given the transmission timestamps of monitored nodes, the problem is to decide whether there is an information flow through these nodes by analyzing their transmission patterns. Because packets from an information flow must be delivered within a certain delay, or the relay nodes have bounded memory, the transmission patterns of an information flow are statistically different from those of independent traffic. The main result of this paper is a tight characterization of the maximum amount of chaff noise such that Chernoff-consistent detection is achievable. The direct part of the result is an explicit construction of a detector that has vanishing false alarm and miss probabilities as the sample size increases whenever the noise level is below a certain threshold. Conversely, when the noise level is above this threshold, there exist means to hide the information flow such that it is indistinguishable from independent traffic. An explicit characterization of the noise threshold is provided for Poisson transmission schedules. It is also shown that while information flows can be hidden among chaff noise for a small number of hops, the rate of information flow diminishes as the number of hops increases.
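The bounded-delay constraint described above can be turned into a simple timing test. The following is an added illustration, not the detector constructed in the paper: it greedily matches packets across two monitored nodes under a delay bound and reports the smallest fraction of packets that would have to be chaff. The function names, rates, delay bound and the 0.25 decision threshold are assumptions chosen for the constructed sample traffic.

```python
import random

def min_chaff_fraction(s1, s2, delta):
    """Greedy order-preserving match of sorted timestamps s1 -> s2, where a
    relayed packet must leave within [t, t + delta]. Returns the fraction of
    all packets left unmatched, i.e. the least chaff that explains the pair."""
    i = j = matched = 0
    while i < len(s1) and j < len(s2):
        if s2[j] < s1[i]:              # departure with no unmatched arrival before it
            j += 1
        elif s2[j] - s1[i] > delta:    # arrival can no longer meet the delay bound
            i += 1
        else:                          # earliest feasible pair: match it
            matched += 1
            i += 1
            j += 1
    total = len(s1) + len(s2)
    return (total - 2 * matched) / total if total else 0.0

def looks_like_flow(s1, s2, delta, threshold=0.25):
    # threshold is an assumed value for this sample, not taken from the paper
    return min_chaff_fraction(s1, s2, delta) < threshold

def poisson(rng, rate, horizon):
    """Constructed sample traffic: Poisson timestamps on (0, horizon]."""
    t, out = 0.0, []
    while True:
        t += rng.expovariate(rate)
        if t > horizon:
            return out
        out.append(t)

def simulate(seed=1, delta=1.0, horizon=2000.0):
    """Return (chaff fraction for a relayed pair, for an independent pair)."""
    rng = random.Random(seed)
    src = poisson(rng, 1.0, horizon)
    relayed = [t + rng.uniform(0, delta) for t in src]       # delay <= delta
    in_node = sorted(src + poisson(rng, 0.1, horizon))       # flow + chaff
    out_node = sorted(relayed + poisson(rng, 0.1, horizon))  # flow + chaff
    unrelated = poisson(rng, 1.1, horizon)                   # independent traffic
    return (min_chaff_fraction(in_node, out_node, delta),
            min_chaff_fraction(in_node, unrelated, delta))

if __name__ == "__main__":
    print("relayed pair, independent pair:", simulate())
```

On the constructed traffic, the relayed pair needs only about as much chaff as was actually inserted, while independent Poisson streams of the same rate leave a much larger share of packets unmatched.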
