Related papers: A highly optimized flow-correlation attack

In this paper, we analyze several recent schemes for watermarking network flows that are based on splitting the flow into timing intervals. We show that this approach creates time-dependent correlations that enable an attack that combines…

Linking network flows is an important problem in intrusion detection as well as anonymity. Passive traffic analysis can link flows but requires long periods of observation to reduce errors. Active traffic analysis, also known as flow…

The network flow watermarking technique associates the two communicating parties by actively modifying certain characteristics of the stream generated by the sender so that it covertly carries some special marking information. Some curious…

Flow watermarks efficiently link packet flows in a network in order to thwart various attacks such as stepping stones. We study the problem of designing good flow watermarks. Earlier flow watermarking schemes mostly considered substitution…

Flow correlation is the core technique used in a multitude of deanonymization attacks on Tor. Despite the importance of flow correlation attacks on Tor, existing flow correlation techniques are considered to be ineffective and unreliable in…

Dynamic watermarking, as an active intrusion detection technique, can potentially detect replay attacks, spoofing attacks, and deception attacks in the feedback channel for control systems. In this paper, we develop a novel dynamic…

Backdoor attack aims to deceive a victim model when facing backdoor instances while maintaining its performance on benign data. Current methods use manual patterns or special perturbations as triggers, while they often overlook the…

Watermarking techniques have been proposed during the last 10 years as an approach to trace network flows for intrusion detection purposes. These techniques aim to impress a hidden signature on a traffic flow. A central property of network…

Active security is mainly concerned with performing one or more security functions when a host in a communication network is subject to an attack. Such security functions include appropriate actions against attackers. To properly afford…

Watermarking combines an imperceptible change to an input image that will trigger a detector, to assert provenance and protect intellectual property. The literature has shown great interest in attacks on watermarking schemes: attackers are…

Cyberthreats are a permanent concern in our modern technological world. In the recent years, sophisticated traffic analysis techniques and anomaly detection (AD) algorithms have been employed to face the more and more subversive adversarial…

Low-latency anonymity networks such as Tor remain vulnerable to infrastructure-level traffic analysis that exploits side-channel information observable from encrypted communications. We introduce NATA, a non-invasive active…

Efficient algorithms and techniques to detect and identify large flows in a high throughput traffic stream in the SDN match-and-action model are presented. This is in contrast to previous work that either deviated from the match and action…

This paper considers the problem of designing physical watermark signals in order to optimally detect possible replay attack in a linear time-invariant system, under the assumption that the system parameters are unknown and need to be…

Networked robotic systems, such as connected vehicle platoons, can improve the safety and efficiency of transportation networks by allowing for high-speed coordination. To enable such coordination, these systems rely on networked…

Watermarking can detect sensor attacks in control systems by injecting a private signal into the control, whereby attacks are identified by checking the statistics of the sensor measurements and private signal. However, past approaches…

Hardware acceleration in modern networks creates monitoring blind spots by offloading flows to a non-observable state, hindering real-time service degradation (SD) detection. To address this, we propose and formalize a novel inter-flow…

Flow correlation attacks is an efficient network attacks, aiming to expose those who use anonymous network services, such as Tor. Conducting such attacks during the early stages of network communication is particularly critical for…

The addition of a physical watermarking signal to the control input increases the detection probability of data deception attacks at the expense of increased control cost. In this paper, we propose a parsimonious policy to reduce the…

We present the Waterfilling circuit selection method, which we designed in order to mitigate the risks of a successful end-to-end traffic correlation attack. Waterfilling proceeds by balancing the Tor network load as evenly as possible on…