Network traffic analysts are currently unable to link network flows across wide area networks to determine the origin of a network traffic flow, which is critical in understanding the sources of attacks. This project is developing a novel technique for linking network flows, called flow fingerprinting, that could help network defenders identify the origin of a network-based attack or help law enforcement track the source of criminal activity. The work could also reveal weaknesses that must be addressed in systems that protect users' online anonymity.
This project investigates network flow fingerprinting for traffic analysis. The project has three main research thrusts. First, using coding theory to design network flow fingerprinting systems tailored to various networking applications. Second, performing rigorous theoretical analysis of flow fingerprints to identify their limitations and capabilities and to devise optimum fingerprinting systems under specific threat models; this analysis thrust draws on information theory and on detection and estimation theory. Third, identifying real-world application scenarios for flow fingerprints and implementing the devised flow fingerprinting systems in those scenarios to assess their usability and challenges. Specifically, the project is evaluating the use of flow fingerprints in compromising large-scale, distributed anonymity networks such as Tor.