Wednesday, August 13, 2014

STARS: A Statistical Traffic Pattern Discovery System for MANETs


Many anonymity enhancing techniques have been proposed based on packet encryption to protect the communication anonymity of mobile ad hoc networks (MANETs). However, in this paper, we show that MANETs are still vulnerable under passive statistical traffic analysis attacks. To demonstrate how to discover the communication patterns without decrypting the captured packets, we present a novel statistical traffic pattern discovery system (STARS). STARS works passively to perform traffic analysis based on statistical characteristics of captured raw traffic. STARS is capable of discovering the sources, the destinations, and the end-to-end communication relations. Empirical studies demonstrate that STARS achieves good accuracy in disclosing the hidden traffic patterns.

In the evidence-based statistical traffic analysis model, every captured packet is treated as evidence supporting a point-to-point (one-hop) transmission between the sender and the receiver. A sequence of point-to-point traffic matrices is created, and these are then used to derive end-to-end (multihop) relations. This approach provides a practical attacking framework against MANETs but still leaves substantial information about the communication patterns undiscovered. MANET systems can achieve very restricted communication anonymity under the attack of STARS.

Statistical traffic analysis attacks have attracted broad interest due to their passive nature, i.e., attackers only need to collect information and perform analysis quietly without changing the network behavior (such as injecting or modifying packets). The predecessor attacks and disclosure attacks are two representatives.
However, none of these previous approaches works well for analyzing MANET traffic, because of the following three properties of MANETs:
1) The broadcasting nature: In wired networks, a point-to-point message transmission usually has only one possible receiver. In wireless networks, by contrast, a message is broadcast, so it can have multiple possible receivers and incurs additional uncertainty.
2) The ad hoc nature: MANETs lack network infrastructure, and each mobile node can serve as both a host and a router. Thus, it is difficult to determine whether a mobile node is a source, a destination, or just a relay.
3) The mobile nature: Most existing traffic analysis models do not take into consideration the mobility of communication peers, which makes the communication relations among mobile nodes more complex.

- Previous approaches do not work well to analyze MANET traffic.
- The scheme fails to address several important constraints when deriving the end-to-end traffic from the one-hop evidence.
- It does not provide a method to identify the actual source and destination nodes (or to calculate the source/destination probability distribution).
- Most of the previous approaches are partial attacks, in the sense that they either only try to identify the source (or destination) nodes or only try to find the corresponding destination (source) nodes for given source (destination) nodes.

- We propose a novel STARS for MANETs. STARS is basically an attacking system, which only needs to capture the raw traffic from the PHY/MAC layer without looking into the contents of the intercepted packets.
- From the captured packets, STARS constructs a sequence of point-to-point traffic matrices to derive the end-to-end traffic matrix, and then uses a heuristic data processing model to reveal the hidden traffic patterns from the end-to-end matrix.
- In this paper, we propose a novel statistical traffic pattern discovery system (STARS). STARS aims to derive the source/destination probability distribution, i.e., the probability for each node to be a message source/destination, and the end-to-end link probability distribution, i.e., the probability for each pair of nodes to be an end-to-end communication pair.
- To achieve its goals, STARS includes two major steps:
1) Construct point-to-point traffic matrices using the time-slicing technique, and then derive the end-to-end traffic matrix with a set of traffic filtering rules; and
2) Apply a heuristic approach to identify the actual source and destination nodes, and then correlate the source nodes with their corresponding destinations.
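The two steps above, sketched as an added example for measuring what a simulated trace leaks without any payload being read; it is not code from the paper. The capture log is constructed, and the equal split of broadcast evidence, the single relay filter rule and the net-flow ranking are assumptions standing in for the paper's filtering rules and heuristic, which this page does not spell out.

```python
from collections import defaultdict

# Constructed capture log (not from the paper): time in seconds, MAC-layer
# sender, nodes in radio range that could have received the frame, frame size.
CAPTURE = [
    (0.1, "A", ["B", "C"], 512),
    (0.2, "A", ["B", "C"], 512),
    (1.1, "B", ["D"], 512),
    (1.2, "B", ["D"], 512),
    (2.3, "D", ["E"], 512),
    (2.4, "D", ["E"], 512),
]

def point_to_point(capture, slice_len):
    """One evidence matrix per time slice; a broadcast frame's bytes are
    split equally among its possible receivers (assumed weighting)."""
    slices = defaultdict(lambda: defaultdict(float))
    for t, sender, receivers, size in capture:
        k = int(t // slice_len)
        for r in receivers:
            slices[k][(sender, r)] += size / len(receivers)
    return [dict(slices[k]) for k in sorted(slices)]

def end_to_end(matrices):
    """Fold the slices in time order. Assumed filter rule: relay m can pass
    on to j no more than it has already received from i."""
    total = defaultdict(float)
    for w in matrices:
        step = defaultdict(float, w)
        for (i, m), got in list(total.items()):
            for (m2, j), sent in w.items():
                if m2 == m and j != i:
                    step[(i, j)] += min(got, sent)
        for pair, v in step.items():
            total[pair] += v
    return dict(total)

def scores(e2e):
    """Assumed ranking: net outflow per node, where a positive value
    suggests a source and a negative value suggests a destination."""
    net = defaultdict(float)
    for (i, j), v in e2e.items():
        net[i] += v
        net[j] -= v
    return dict(net)
```

On this log, node A ranks highest and node E lowest, while relay B still scores well above zero because half of A's broadcast evidence went to C, which is the broadcast uncertainty described earlier.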
The attacker can take advantage of STARS to perform traffic analysis as follows:
- Divide the entire network into multiple regions geographically;
- Deploy sensors along the boundaries of each region to monitor the cross-component traffic;
- Treat each region as a super node and use STARS to figure out the sources, destinations, and end-to-end communication relations; and
- Analyze the traffic even when nodes are close to each other by treating the close nodes as a super node.



- System: Pentium IV 2.4 GHz.
- Hard Disk: 40 GB.
- Floppy Drive: 1.44 Mb.
- Monitor: 15 VGA Colour.
- Mouse: Logitech.
- Ram: 512 Mb.


- Operating system: Windows XP/7/LINUX.
- Implementation: NS2
- NS2 Version: NS2.2.28
- Front End: OTCL (Object Oriented Tool Command Language)
- Tool: Cygwin (To simulate in Windows OS)

Yang Qin, Dijiang Huang, and Bing Li, "STARS: A Statistical Traffic Pattern Discovery System for MANETs," MARCH/APRIL 2014.