ADVoIP: Adversarial Detection of Encrypted and Concealed VoIP

A network attacker wants to transmit Voice-over-IP (VoIP) traffic streams covertly. He tries to evade the detection system by manipulating the VoIP streams through padding, shifting, and splitting operations, so as to conceal them amidst the Internet traffic. A defender wants to detect the manipulated VoIP streams. Tackling this problem from an adversarial perspective, we provide two contributions: 1) we obtain a highly stylized representation of VoIP streams in terms of transmission frequency F and packet length L , and characterize the F, L region achievable by the attacker's transformation and 2) We formulate the VoIP detection game, and find both theoretical conditions and a practical algorithm to find the Nash equilibrium of the game. As a result, we are able to design an optimal (from the adversarial perspective) algorithm for VoIP detection, which is nicknamed as ADVoIP. Simulations over real network traces, and comparison with existing approaches, show the effectiveness of the proposed approach.