A network attacker wants to transmit Voice-over-IP (VoIP) traffic streams covertly. He tries to evade the detection system by manipulating the VoIP streams through padding, shifting, and splitting operations, so as to conceal them amidst the Internet traffic. A defender wants to detect the manipulated VoIP streams. Tackling this problem from an adversarial perspective, we provide two contributions: 1) we obtain a highly stylized representation of VoIP streams in terms of transmission frequency F and packet length L , and characterize the F, L region achievable by the attacker's transformation and 2) We formulate the VoIP detection game, and find both theoretical conditions and a practical algorithm to find the Nash equilibrium of the game. As a result, we are able to design an optimal (from the adversarial perspective) algorithm for VoIP detection, which is nicknamed as ADVoIP. Simulations over real network traces, and comparison with existing approaches, show the effectiveness of the proposed approach.
ADVoIP: Adversarial Detection of Encrypted and Concealed VoIP
Addesso P.;Cirillo M.;Di Mauro M.;Matta V.
2020-01-01
Abstract
A network attacker wants to transmit Voice-over-IP (VoIP) traffic streams covertly. He tries to evade the detection system by manipulating the VoIP streams through padding, shifting, and splitting operations, so as to conceal them amidst the Internet traffic. A defender wants to detect the manipulated VoIP streams. Tackling this problem from an adversarial perspective, we provide two contributions: 1) we obtain a highly stylized representation of VoIP streams in terms of transmission frequency F and packet length L , and characterize the F, L region achievable by the attacker's transformation and 2) We formulate the VoIP detection game, and find both theoretical conditions and a practical algorithm to find the Nash equilibrium of the game. As a result, we are able to design an optimal (from the adversarial perspective) algorithm for VoIP detection, which is nicknamed as ADVoIP. Simulations over real network traces, and comparison with existing approaches, show the effectiveness of the proposed approach.File | Dimensione | Formato | |
---|---|---|---|
TIFS2922398_PA01.pdf
accesso aperto
Descrizione: Articolo principale
Tipologia:
Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza:
DRM non definito
Dimensione
2.53 MB
Formato
Adobe PDF
|
2.53 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.