Colloquium Details

Recent advances in active traffic analysis for linking network flows

Author: Amir Houmansadr, University of Illinois at Urbana-Champaign
Date: June 01, 2011
Time: 15:30
Location: 220 Deschutes
Host: Kevin Butler

Abstract

Traffic analysis is the inference of sensitive information from communication patterns rather than from traffic contents. As more traffic is encrypted, traffic analysis is becoming more relevant and essential to security. This talk is devoted to the use of traffic analysis for linking network flows that are otherwise unlinkable. One example scenario is the detection of attackers who try to disguise their identities by relaying their traffic through previously compromised hosts, known as stepping stones. Another is the case of colluding attackers who use traffic analysis to break the anonymity promises of a low-latency anonymous network like Tor.

Traditional approaches to traffic analysis are passive: the analyst only observes traffic patterns in order to perform the required correlations. However, this results in a high rate of false positive errors due to the intrinsic correlation of the network flows. More recently, researchers have adopted an active approach to traffic analysis, known as network flow watermarking. In this case, a secret pattern, the watermark, is modulated into the traffic pattern of the network flows and is then looked for in suspicious flows in order to effectively link the related network flows. An effective flow watermarking scheme requires several features, which are discussed throughout the talk.

Biography

Amir Houmansadr is a Ph.D. candidate in the electrical and computer engineering department at the University of Illinois at Urbana-Champaign. He received his BSc and MSc degrees from Sharif University of Technology in 2003 and 2005, respectively. Amir's research revolves around various network security and privacy problems, including network traffic analysis, intrusion detection, covert channels, and anonymous communication. Towards his Ph.D. dissertation, Amir has conducted research on the design, analysis, and implementation of network flow watermarking schemes.