RevealNet: Distributed Traffic Correlation for Attack Attribution on Programmable Networks
- URL: http://arxiv.org/abs/2505.00618v1
- Date: Thu, 01 May 2025 15:48:35 GMT
- Title: RevealNet: Distributed Traffic Correlation for Attack Attribution on Programmable Networks
- Authors: Gurjot Singh, Alim Dhanani, Diogo Barradas
- Abstract summary: RevealNet is a decentralized framework for attack attribution. It orchestrates a fleet of P4-programmable switches to perform traffic correlation. Our evaluation suggests that RevealNet achieves comparable accuracy to centralized attack attribution systems.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Network attackers have increasingly resorted to proxy chains, VPNs, and anonymity networks to conceal their activities. To tackle this issue, past research has explored the applicability of traffic correlation techniques to perform attack attribution, i.e., to identify an attacker's true network location. However, current traffic correlation approaches rely on well-provisioned and centralized systems that ingest flows from multiple network probes to compute correlation scores. Unfortunately, this makes correlation efforts scale poorly for large high-speed networks. In this paper, we propose RevealNet, a decentralized framework for attack attribution that orchestrates a fleet of P4-programmable switches to perform traffic correlation. RevealNet builds on a set of correlation primitives inspired by prior work on computing and comparing flow sketches -- compact summaries of flows' key characteristics -- to enable efficient, distributed, in-network traffic correlation. Our evaluation suggests that RevealNet achieves comparable accuracy to centralized attack attribution systems while significantly reducing both the computational complexity and bandwidth overheads imposed by correlation tasks.
Related papers
- Cluster-Aware Attacks on Graph Watermarks [50.19105800063768]
We introduce a cluster-aware threat model in which adversaries apply community-guided modifications to evade detection.
Our results show that cluster-aware attacks can reduce attribution accuracy by up to 80% more than random baselines.
We propose a lightweight embedding enhancement that distributes watermark nodes across graph communities.
arXiv Detail & Related papers (2025-04-24T22:49:28Z)
- MUFFLER: Secure Tor Traffic Obfuscation with Dynamic Connection Shuffling and Splitting [11.967326811104831]
MUFFLER is a connection-level traffic obfuscation system designed to secure Tor egress traffic.
It maps real connections to a distinct set of virtual connections between the final Tor nodes and targeted services.
It achieves up to 27x lower latency overhead than existing solutions and seamlessly integrates with the current Tor architecture.
arXiv Detail & Related papers (2025-04-10T08:17:17Z)
- Early-MFC: Enhanced Flow Correlation Attacks on Tor via Multi-view Triplet Networks with Early Network Traffic [1.7244120238071496]
We propose a flow correlation attack with early network traffic, named Early-MFC, based on multi-view triplet networks.
The proposed approach extracts multi-view traffic features from the payload at the transport layer and the Inter-Packet Delay.
It then integrates multi-view flow information, converting the extracted features into shared embeddings.
arXiv Detail & Related papers (2025-03-21T04:36:51Z)
- Multi-view Correlation-aware Network Traffic Detection on Flow Hypergraph [5.64836465356865]
We propose a multi-view correlation-aware framework named FlowID for network traffic detection.
FlowID captures multi-view traffic features via temporal and interaction awareness, while a hypergraph encoder further explores higher-order relationships between flows.
We show that FlowID significantly outperforms existing methods in accuracy, robustness, and generalization across diverse network scenarios.
arXiv Detail & Related papers (2025-01-15T06:17:06Z)
- Enforcing Fundamental Relations via Adversarial Attacks on Input Parameter Correlations [76.2226569692207]
Correlations between input parameters play a crucial role in many scientific classification tasks.
We present a new adversarial attack algorithm called Random Distribution Shuffle Attack (RDSA).
We demonstrate the RDSA effectiveness on six classification tasks.
arXiv Detail & Related papers (2025-01-09T21:45:09Z)
- NetFlowGen: Leveraging Generative Pre-training for Network Traffic Dynamics [72.95483148058378]
We propose to pre-train a general-purpose machine learning model to capture traffic dynamics with only traffic data from NetFlow records.
We address challenges such as unifying network feature representations, learning from large unlabeled traffic data volume, and testing on real downstream tasks in DDoS attack detection.
arXiv Detail & Related papers (2024-12-30T00:47:49Z)
- MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification [59.96233305733875]
Classifying traffic is essential for detecting security threats and optimizing network management.
We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships.
MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
arXiv Detail & Related papers (2024-12-19T12:52:53Z)
- Progressive Pruning: Analyzing the Impact of Intersection Attacks [1.8434042562191815]
Stream-based communication poses unique challenges for anonymous communication networks (ACNs).
Traditionally designed for independent messages, ACNs struggle to account for the inherent vulnerabilities of streams.
We introduce progressive pruning, a novel methodology for quantifying the susceptibility to intersection attacks.
arXiv Detail & Related papers (2024-10-11T10:40:51Z)
- Efficient Network Representation for GNN-based Intrusion Detection [2.321323878201932]
The last decades have seen a growth in the number of cyber-attacks with severe economic and privacy damages.
We propose a novel network representation as a graph of flows that aims to provide relevant topological information for the intrusion detection task.
We present a Graph Neural Network (GNN) based framework responsible for exploiting the proposed graph structure.
arXiv Detail & Related papers (2023-09-11T16:10:12Z)
- The Double-Edged Sword of Implicit Bias: Generalization vs. Robustness in ReLU Networks [64.12052498909105]
We study the implications of the implicit bias of gradient flow on generalization and adversarial robustness in ReLU networks.
In two-layer ReLU networks gradient flow is biased towards solutions that generalize well, but are highly vulnerable to adversarial examples.
arXiv Detail & Related papers (2023-03-02T18:14:35Z)
- Correlating sparse sensing for large-scale traffic speed estimation: A Laplacian-enhanced low-rank tensor kriging approach [76.45949280328838]
We propose a Laplacian enhanced low-rank tensor (LETC) framework featuring both low-rankness and multi-temporal correlations for large-scale traffic speed kriging.
We then design an efficient solution algorithm via several effective numeric techniques to scale up the proposed model to network-wide kriging.
arXiv Detail & Related papers (2022-10-21T07:25:57Z)
- A Lightweight, Efficient and Explainable-by-Design Convolutional Neural Network for Internet Traffic Classification [9.365794791156972]
This paper introduces a new Lightweight, Efficient and eXplainable-by-design convolutional neural network (LEXNet) for Internet traffic classification.
LEXNet relies on a new residual block (for lightweight and efficiency purposes) and prototype layer (for explainability).
Based on a commercial-grade dataset, our evaluation shows that LEXNet succeeds in maintaining the same accuracy as the best performing state-of-the-art neural network.
arXiv Detail & Related papers (2022-02-11T10:21:34Z)
- Decomposing neural networks as mappings of correlation functions [57.52754806616669]
We study the mapping between probability distributions implemented by a deep feed-forward network.
We identify essential statistics in the data, as well as different information representations that can be used by neural networks.
arXiv Detail & Related papers (2022-02-10T09:30:31Z)