Faculty Recruiting Support CICS

Design and Implementation of Algorithms for Traffic Classification

16 Mar
Tuesday, 03/16/2021 12:00pm to 2:00pm
Zoom Meeting
PhD Thesis Defense
Speaker: Fatemeh Rezaei

Zoom Meeting: https://umass-amherst.zoom.us/j/95198226183?pwd=aFc0ZWdGWmlpRGZPY2hFR1l0VVJoQT09


Traffic analysis is the practice of using inherent characteristics of a network flow such as timings, sizes, and orderings of the packets to derive sensitive information about it. Traffic analysis techniques are used because of the extensive adoption of encryption and content-obfuscation mechanisms, making it impossible to infer any information about the flow by analyzing its content.
In this thesis, we use traffic analysis to infer sensitive information for different objectives and different applications. Specifically, we investigate various applications: p2p cryptocurrencies, flow correlation, and messaging applications. Our goal is to tailor specific traffic analysis algorithms that best capture network traffic's intrinsic characteristics in those applications for each of these applications. Also, the objective of traffic analysis is different for each of these applications. Specifically, in Bitcoin, our goal is to evaluate Bitcoin traffic's resilience to blocking by powerful entities such as governments and ISPs. Bitcoin and similar cryptocurrencies play an important role in electronic commerce and other trust-based distributed systems because of their significant advantage over traditional currencies, including open access to global e-commerce. Therefore, it is essential to the consumers and the industry to have reliable access to their Bitcoin assets. We examine the stepping stone attacks for flow correlation. The stepping stone is a host that an attacker uses to relay her traffic to hide her identity. In messaging applications, we analyze WhatsApp messaging service traffic to determine if it leaks any sensitive information such as members' identity in a particular conversation to the adversaries who watch their encrypted traffic. These messaging applications' privacy is essential because these services provide an environment to discuss politically sensitive subjects, making them a target to government surveillance and censorship in totalitarian countries.
We take two technical approaches to design our traffic analysis techniques. The increasing use of DNN-based classifiers inspires our first direction: we train some DNN classifiers to perform the specific traffic analysis task. Our second approach is to inspect and model the shape of traffic in the target application and design a statistical classifier for the expected shape of traffic.    Advisor: Amir Houmansadr