DOI: 10.1145/3365609.3365854
research-article
Open access

Towards Oblivious Network Analysis using Generative Adversarial Networks

Published: 14 November 2019

Abstract

Modern systems across diverse application domains (e.g., IoT, automotive) have many black-box devices whose internal structures and/or protocol formats are unknown. We currently lack the tools to systematically understand the behavior and learn the security weaknesses of these black-box devices. Such tools could enable many use cases, such as: 1) identifying input packets that lead to network attacks; and 2) inferring the format of unknown protocols. Our goal is to enable oblivious network analysis which can perform the aforementioned tasks for black-box devices. In this work, we explore the use of a recent machine learning tool called generative adversarial networks (GANs) [16] to enable this vision. Unlike other competing approaches, GANs can work in a truly black-box setting and can infer complex dependencies between protocol fields with little to no supervision. We leverage GANs to show the preliminary use cases of our approaches using two case studies: 1) generating synthetic protocol messages given only samples of messages; and 2) generating attack inputs for a black-box system. While there are still many open challenges, our results suggest the early promise of GANs to enable "oblivious" analysis of networked elements.

Supplementary Material

MP4 File (p43-lin.mp4)

References

[1]
[n. d.]. Robot kills worker at Volkswagen plant in Germany. https://www.theguardian.com/world/2015/jul/02/robot-kills-worker-at-volkswagen-plant-in-germany. ([n. d.]). Accessed: 2019-06-24.
[2]
George Argyros, Ioannis Stais, Suman Jana, Angelos D. Keromytis, and Aggelos Kiayias. 2016. SFADiff: Automated Evasion Attacks and Fingerprinting Using Black-box Differential Automata Learning. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, New York, NY, USA, 1690--1701. https://doi.org/10.1145/2976749.2978383
[3]
Sanjeev Arora and Yi Zhang. 2017. Do gans actually learn the distribution? an empirical study. arXiv preprint arXiv:1706.08224 (2017).
[4]
Marshall A Beddoe. 2004. Network protocol analysis using bioinformatics algorithms. Toorcon (2004).
[5]
Georges Bossert, Frédéric Guihéry, and Guillaume Hiet. 2014. Towards automated protocol reverse engineering using semantic information. In Proceedings of the 9th ACM symposium on Information, computer and communications security. ACM, 51--62.
[6]
Sergey Bratus, Axel Hansen, and Anna Shubina. 2008. LZfuzz: a fast compression-based fuzzer for poorly documented protocols. Dartmouth College, Hanover, NH, Tech. Rep. TR-2008 634 (2008).
[7]
Juan Caballero, Pongsin Poosankam, Christian Kreibich, and Dawn Song. 2009. Dispatcher: Enabling active botnet infiltration using automatic protocol reverse-engineering. In Proceedings of the 16th ACM conference on Computer and communications security. ACM, 621--634.
[8]
Juan Caballero, Heng Yin, Zhenkai Liang, and Dawn Song. 2007. Polyglot: Automatic Extraction of Protocol Message Format Using Dynamic Binary Analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07). ACM, New York, NY, USA, 317--329. https://doi.org/10.1145/1315245.1315286
[9]
Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. 2018. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In NDSS.
[10]
Xi Chen, Yan Duan, Rein Houthooft, John Schulman, Ilya Sutskever, and Pieter Abbeel. 2016. Infogan: Interpretable representation learning by information maximizing generative adversarial nets. In Advances in neural information processing systems. 2172--2180.
[11]
Chia Yuan Cho, Eui Chul Richard Shin, Dawn Song, et al. 2010. Inference and analysis of formal models of botnet command and control protocols. In Proceedings of the 17th ACM conference on Computer and communications security. ACM, 426--439.
[12]
Kyong-Tak Cho and Kang G Shin. 2016. Error handling of in-vehicle networks makes them vulnerable. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1044--1055.
[13]
Cristóbal Esteban, Stephanie L Hyland, and Gunnar Rätsch. 2017. Real-valued (medical) time series generation with recurrent conditional gans. arXiv preprint arXiv:1706.02633 (2017).
[14]
Hugo Gascon, Christian Wressnegger, Fabian Yamaguchi, Daniel Arp, and Konrad Rieck. 2015. Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols. In SecureComm.
[15]
Erol Gelenbe, Gökçe Görbil, Dimitrios Tzovaras, Steffen Liebergeld, David Garcia, Madalina Baltatu, and George Lyberopoulos. 2013. NEMESYS: Enhanced network security for seamless service provisioning in the smart mobile ecosystem. In Information Sciences and Systems 2013. Springer, 369--378.
[16]
Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative adversarial nets. In Advances in neural information processing systems. 2672--2680.
[17]
Ishaan Gulrajani, Faruk Ahmed, Martin Arjovsky, Vincent Dumoulin, and Aaron C Courville. 2017. Improved training of wasserstein gans. In Advances in Neural Information Processing Systems. 5767--5777.
[18]
Sepp Hochreiter and Jürgen Schmidhuber. 1997. Long short-term memory. Neural computation 9, 8 (1997), 1735--1780.
[19]
Rob Miller, Ishtiaq Rouf, Hossen Mustafa, Sangho Oh, Travis Taylor, Wenyuan Xu, Marco Gruteser, Wade Trappe, and Ivan Seskar. 2010. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In 19th USENIX Security Symposium, Washington DC. 11--13.
[20]
Insu Jeon, Wonkwang Lee, and Gunhee Kim. 2018. IB-GAN: Disentangled Representation Learning with Information Bottleneck GAN. (2018).
[21]
Tero Karras, Timo Aila, Samuli Laine, and Jaakko Lehtinen. 2017. Progressive growing of gans for improved quality, stability, and variation. arXiv preprint arXiv:1710.10196 (2017).
[22]
Sekar Kulandaivel, Tushar Goyal, Arnav Kumar Agrawal, and Vyas Sekar. 2019. CANvas: Fast and Inexpensive Automotive Network Mapping. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA. https://www.usenix.org/conference/usenixsecurity19/presentation/kulandaivel
[23]
Zinan Lin, Alankar Jain, Chen Wang, Giulia Fanti, and Vyas Sekar. 2019. Generating High-fidelity, Synthetic Time Series Datasets with DoppelGANger. arXiv preprint arXiv:1909.13403 (2019).
[24]
Zinan Lin, Kiran Koshy Thekumparampil, Giulia Fanti, and Sewoong Oh. 2019. InfoGAN-CR: Disentangling Generative Adversarial Networks with Contrastive Regularizers. arXiv preprint arXiv:1906.06034 (2019).
[25]
Charlie Miller and Chris Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015 (2015), 91.
[26]
Mehdi Mirza and Simon Osindero. 2014. Conditional generative adversarial nets. arXiv preprint arXiv:1411.1784 (2014).
[27]
Soo-Jin Moon, Jeffrey Helt, Yifei Yuan, Yves Bieri, Sujata Banerjee, Vyas Sekar, Wenfei Wu, Mihalis Yannakakis, and Ying Zhang. 2019. Alembic: Automated Model Inference for Stateful Network Functions. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19). USENIX Association, Boston, MA, 699--718. https://www.usenix.org/conference/nsdi19/presentation/moon
[28]
Saul B Needleman and Christian D Wunsch. 1970. A general method applicable to the search for similarities in the amino acid sequence of two proteins. Journal of molecular biology 48, 3 (1970), 443--453.
[29]
Masatoshi Nei, Fumio Tajima, and Yoshio Tateno. 1983. Accuracy of estimated phylogenetic trees from molecular data. Journal of molecular evolution 19, 2 (1983), 153--170.
[30]
Nicholas A Nystrom, Michael J Levine, Ralph Z Roskies, and J Scott. 2015. Bridges: a uniquely flexible HPC resource for new communities and data analytics. In Proceedings of the 2015 XSEDE Conference: Scientific Advancements Enabled by Enhanced Cyberinfrastructure. ACM, 30.
[31]
Vern Paxson. 2001. An Analysis of Using Reflectors for Distributed Denial-of-service Attacks. SIGCOMM Comput. Commun. Rev. 31, 3 (July 2001), 38--47. https://doi.org/10.1145/505659.505664
[32]
Luis Pedrosa, Ari Fogel, Nupur Kothari, Ramesh Govindan, Ratul Mahajan, and Todd Millstein. 2015. Analyzing Protocol Implementations for Interoperability. In Proceedings of the 12th USENIX Conference on Networked Systems Design and Implementation (NSDI'15). USENIX Association, Berkeley, CA, USA, 485--498. http://dl.acm.org/citation.cfm?id=2789770.2789804
[33]
Luis Pedrosa, Rishabh Iyer, Arseniy Zaostrovnykh, Jonas Fietz, and Katerina Argyraki. 2018. Automated Synthesis of Adversarial Workloads for Network Functions. In Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM '18). ACM, New York, NY, USA, 372--385. https://doi.org/10.1145/3230543.3230573
[34]
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, and Suman Jana. 2017. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17). ACM, New York, NY, USA, 2155--2168. https://doi.org/10.1145/3133956.3134073
[35]
Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, and Suman Jana. 2019. Neuzz: Efficient fuzzing with neural program learning. In 2019 IEEE Symposium on Security and Privacy (SP).
[36]
Suphannee Sivakorn, George Argyros, Kexin Pei, Angelos D. Keromytis, and Suman Jana. 2017. HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations. In Proceedings of the 38th IEEE Symposium on Security & Privacy. San Jose, CA.
[37]
Temple F Smith, Michael S Waterman, et al. 1981. Identification of common molecular subsequences. Journal of molecular biology 147, 1 (1981), 195--197.
[38]
John Towns, Timothy Cockerill, Maytal Dahan, Ian Foster, Kelly Gaither, Andrew Grimshaw, Victor Hazlewood, Scott Lathrop, Dave Lifka, Gregory D Peterson, et al. 2014. XSEDE: accelerating scientific discovery. Computing in Science & Engineering 16, 5 (2014), 62--74.
[39]
Yipeng Wang, Xiaochun Yun, M Zubair Shafiq, Liyan Wang, Alex X Liu, Zhibin Zhang, Danfeng Yao, Yongzheng Zhang, and Li Guo. 2012. A semantics aware approach to automated reverse engineering unknown protocols. In 2012 20th IEEE International Conference on Network Protocols (ICNP). IEEE, 1--10.
[40]
Zhiqiang Wang, Yuqing Zhang, and Qixu Liu. 2013. RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing. TIIS 7 (2013), 1989-2009.
[41]
Maverick Woo, Sang Kil Cha, Samantha Gottlieb, and David Brumley. 2013. Scheduling Black-box Mutational Fuzzing. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS '13). ACM, New York, NY, USA, 511--522. https://doi.org/10.1145/2508859.2516736
[42]
Michal Zalewski. 2014. American fuzzy lop. (2014). http://lcamtuf.coredump.cx/afl/

Published In

HotNets '19: Proceedings of the 18th ACM Workshop on Hot Topics in Networks
November 2019
176 pages
ISBN:9781450370202
DOI:10.1145/3365609
Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

HotNets '19
HotNets '19: The 18th ACM Workshop on Hot Topics in Networks
November 13 - 15, 2019
Princeton, NJ, USA

Acceptance Rates

Overall Acceptance Rate 110 of 460 submissions, 24%

Article Metrics

  • Downloads (Last 12 months): 94
  • Downloads (Last 6 weeks): 13
Reflects downloads up to 14 Nov 2024

Cited By

  • (2023) AdFAT: Adversarial Flow Arrival Time Generation for Demand-Oblivious Data Center Networks. 2023 19th International Conference on Network and Service Management (CNSM), pp. 1-5. DOI: 10.23919/CNSM59352.2023.10327896. Online publication date: 30-Oct-2023
  • (2023) Illuminating the hidden challenges of data-driven CDNs. Proceedings of the 3rd Workshop on Machine Learning and Systems, pp. 94-103. DOI: 10.1145/3578356.3592574. Online publication date: 8-May-2023
  • (2023) ResolFuzz: Differential Fuzzing of DNS Resolvers. Computer Security – ESORICS 2023, pp. 62-80. DOI: 10.1007/978-3-031-51476-0_4. Online publication date: 25-Sep-2023
  • (2020) Generative Deep Learning for Internet of Things Network Traffic Generation. 2020 IEEE 25th Pacific Rim International Symposium on Dependable Computing (PRDC), pp. 70-79. DOI: 10.1109/PRDC50213.2020.00018. Online publication date: Dec-2020
