A network attacker wants to transmit Voice-over-IP (VoIP) traffic streams covertly. He tries to evade the detection system by manipulating the VoIP streams through padding, shifting, and splitting operations, so as to conceal them amidst the Internet traffic. A defender wants to detect the manipulated VoIP streams. Tackling this problem from an adversarial perspective, we provide two contributions: 1) we obtain a highly stylized representation of VoIP streams in terms of transmission frequency F and packet length L , and characterize the F, L region achievable by the attacker's transformation and 2) We formulate the VoIP detection game, and find both theoretical conditions and a practical algorithm to find the Nash equilibrium of the game. As a result, we are able to design an optimal (from the adversarial perspective) algorithm for VoIP detection, which is nicknamed as ADVoIP. Simulations over real network traces, and comparison with existing approaches, show the effectiveness of the proposed approach.

ADVoIP: Adversarial Detection of Encrypted and Concealed VoIP

Addesso P.;Cirillo M.;Di Mauro M.;Matta V.
2020

Abstract

A network attacker wants to transmit Voice-over-IP (VoIP) traffic streams covertly. He tries to evade the detection system by manipulating the VoIP streams through padding, shifting, and splitting operations, so as to conceal them amidst the Internet traffic. A defender wants to detect the manipulated VoIP streams. Tackling this problem from an adversarial perspective, we provide two contributions: 1) we obtain a highly stylized representation of VoIP streams in terms of transmission frequency F and packet length L , and characterize the F, L region achievable by the attacker's transformation and 2) We formulate the VoIP detection game, and find both theoretical conditions and a practical algorithm to find the Nash equilibrium of the game. As a result, we are able to design an optimal (from the adversarial perspective) algorithm for VoIP detection, which is nicknamed as ADVoIP. Simulations over real network traces, and comparison with existing approaches, show the effectiveness of the proposed approach.
File in questo prodotto:
File Dimensione Formato  
TIFS2922398_PA01.pdf

accesso aperto

Descrizione: Articolo principale
Tipologia: Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza: DRM non definito
Dimensione 2.53 MB
Formato Adobe PDF
2.53 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11386/4740478
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 5
  • ???jsp.display-item.citation.isi??? 3
social impact