network attacker wants to transmit VoIP traffic streams covertly. He tries to evade the detection system by manipulating the VoIP streams through padding and shifting operations, so as to conceal them amidst the Internet traffic. A defender (the detection system) wants to detect the manipulated VoIP streams. Tackling this problem from an adversarial perspective, we provide two contributions: i) we obtain a highly stylized representation of VoIP streams in terms of transmission frequency F mathcal and payload L, and characterize the (F, L) region achievable by the attacker's transformation; ii) we formulate the VoIP detection game, and find both theoretical conditions as well as a practical algorithm to find the Nash equilibrium of the game. Simulations over real network traces, and comparison with standard, adversary-unaware tools, show the advantages of the adopted adversarial perspective.
Adversarial Detection of Concealed VoIP Traffic
Addesso P.;Cirillo M.;Di Mauro M.;Longo M.;Matta V.
2019-01-01
Abstract
network attacker wants to transmit VoIP traffic streams covertly. He tries to evade the detection system by manipulating the VoIP streams through padding and shifting operations, so as to conceal them amidst the Internet traffic. A defender (the detection system) wants to detect the manipulated VoIP streams. Tackling this problem from an adversarial perspective, we provide two contributions: i) we obtain a highly stylized representation of VoIP streams in terms of transmission frequency F mathcal and payload L, and characterize the (F, L) region achievable by the attacker's transformation; ii) we formulate the VoIP detection game, and find both theoretical conditions as well as a practical algorithm to find the Nash equilibrium of the game. Simulations over real network traces, and comparison with standard, adversary-unaware tools, show the advantages of the adopted adversarial perspective.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
