Research has proved that supposedly secure encrypted network traffic is actually threatened by privacy and security violations from many aspects. This is mainly due to flow features leaking evidence about user activity and data content. Currently, adversaries can use statistical traffic analysis to create classifiers for network applications and infer users’ sensitive data. In this article, we propose a system that optimally prevents traffic feature leaks. In our first algorithm, we model the packet length probability distribution of the source app to be protected and that of the target app that the source app will resemble. We define a model that mutates the packet lengths of a source app to those lengths from the target app having similar bin probability. This would confuse a classifier by identifying a mutated source app as the target app. In our second obfuscation algorithm, we present an optimized scheme resulting in a trade-off between privacy and complexity overhead. For this reason, we propose a mathematical model for network obfuscation. We formulate analytically the problem of selecting the target app and the length from the target app to mutate to. Then, we propose an algorithm to solve it dynamically. Extensive evaluation of the proposed models, on real app traffic traces, shows significant obfuscation efficiency with relatively acceptable overhead. We were able to reduce a classification accuracy from 91.1% to 0.22% using the first algorithm, with 11.86% padding overhead. The same classification accuracy was reduced to 1.76% with only 0.73% overhead using the second algorithm.
Packet Length Spectral Analysis for IoT Flow Classification Using Ensemble Learning