Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1145/3365609.3365854acmconferencesArticle/Chapter ViewAbstractPublication PagescommConference Proceedingsconference-collections
research-article
Open access

Towards Oblivious Network Analysis using Generative Adversarial Networks

Published: 14 November 2019 Publication History

Abstract

Modern systems across diverse application domains (e.g., IoT, automotive) have many black-box devices whose internal structures and/or protocol formats are unknown. We currently lack the tools to systematically understand the behavior and learn the security weaknesses of these black-box devices. Such tools could enable many use cases, such as: 1) identifying input packets that lead to network attacks; and 2) inferring the format of unknown protocols. Our goal is to enable oblivious network analysis which can perform the aforementioned tasks for black-box devices. In this work, we explore the use of a recent machine learning tool called generative adversarial networks (GANs) [16] to enable this vision. Unlike other competing approaches, GANs can work in a truly black-box setting and can infer complex dependencies between protocol fields with little to no supervision. We leverage GANs to show the preliminary use cases of our approaches using two case studies: 1) generating synthetic protocol messages given only samples of messages; and 2) generating attack inputs for a black-box system. While there are still many open challenges, our results suggest the early promise of GANs to enable "oblivious" analysis of networked elements.

Supplementary Material

MP4 File (p43-lin.mp4)

References

[1]
[n. d.]. Robot kills worker at Volkswagen plant in Germany. https://www.theguardian.com/world/2015/jul/02/robot-kills-worker-at-volkswagen-plant-in-germany. ([n. d.]). Accessed: 2019-06-24.
[2]
George Argyros, Ioannis Stais, Suman Jana, Angelos D. Keromytis, and Aggelos Kiayias. 2016. SFADiff: Automated Evasion Attacks and Fingerprinting Using Black-box Differential Automata Learning. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). ACM, New York, NY, USA, 1690--1701. https://doi.org/10.1145/2976749.2978383
[3]
Sanjeev Arora and Yi Zhang. 2017. Do gans actually learn the distribution? an empirical study. arXiv preprint arXiv:1706.08224 (2017).
[4]
Marshall A Beddoe. 2004. Network protocol analysis using bioinformatics algorithms. Toorcon (2004).
[5]
Georges Bossert, Frédéric Guihéry, and Guillaume Hiet. 2014. Towards automated protocol reverse engineering using semantic information. In Proceedings of the 9th ACM symposium on Information, computer and communications security. ACM, 51--62.
[6]
Sergey Bratus, Axel Hansen, and Anna Shubina. 2008. LZfuzz: a fast compression-based fuzzer for poorly documented protocols. Darmouth College, Hanover, NH, Tech. Rep. TR-2008 634 (2008).
[7]
Juan Caballero, Pongsin Poosankam, Christian Kreibich, and Dawn Song. 2009. Dispatcher: Enabling active botnet infiltration using automatic protocol reverse-engineering. In Proceedings of the 16th ACM conference on Computer and communications security. ACM, 621--634.
[8]
Juan Caballero, Heng Yin, Zhenkai Liang, and Dawn Song. 2007. Polyglot: Automatic Extraction of Protocol Message Format Using Dynamic Binary Analysis. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07). ACM, New York, NY, USA, 317--329. https://doi.org/10.1145/1315245.1315286
[9]
Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. 2018. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In NDSS.
[10]
Xi Chen, Yan Duan, Rein Houthooft, John Schulman, Ilya Sutskever, and Pieter Abbeel. 2016. Infogan: Interpretable representation learning by information maximizing generative adversarial nets. In Advances in neural information processing systems. 2172--2180.
[11]
Chia Yuan Cho, Eui Chul Richard Shin, Dawn Song, et al. 2010. Inference and analysis of formal models of botnet command and control protocols. In Proceedings of the 17th ACM conference on Computer and communications security. ACM, 426--439.
[12]
Kyong-Tak Cho and Kang G Shin. 2016. Error handling of in-vehicle networks makes them vulnerable. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1044--1055.
[13]
Cristóbal Esteban, Stephanie L Hyland, and Gunnar Rätsch. 2017. Real-valued (medical) time series generation with recurrent conditional gans. arXiv preprint arXiv:1706.02633 (2017).
[14]
Hugo Gascon, Christian Wressnegger, Fabian Yamaguchi, Daniel Arp, and Konrad Rieck. 2015. Pulsar: Stateful Black-Box Fuzzing of Proprietary Network Protocols. In SecureComm.
[15]
Erol Gelenbe, Gökçe Görbil, Dimitrios Tzovaras, Steffen Liebergeld, David Garcia, Madalina Baltatu, and George Lyberopoulos. 2013. NEMESYS: Enhanced network security for seamless service provisioning in the smart mobile ecosystem. In Information Sciences and Systems 2013. Springer, 369--378.
[16]
Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative adversarial nets. In Advances in neural information processing systems. 2672--2680.
[17]
Ishaan Gulrajani, Faruk Ahmed, Martin Arjovsky, Vincent Dumoulin, and Aaron C Courville. 2017. Improved training of wasserstein gans. In Advances in Neural Information Processing Systems. 5767--5777.
[18]
Sepp Hochreiter and Jürgen Schmidhuber. 1997. Long short-term memory. Neural computation 9, 8 (1997), 1735--1780.
[19]
Rob Millerb Ishtiaq Roufa, Hossen Mustafaa, Sangho Ohb Travis Taylora, Wenyuan Xua, Marco Gruteserb, Wade Trappeb, and Ivan Seskarb. 2010. Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study. In 19th USENIX Security Symposium, Washington DC. 11--13.
[20]
Insu Jeon, Wonkwang Lee, and Gunhee Kim. 2018. IB-GAN: Disentangled Representation Learning with Information Bottleneck GAN. (2018).
[21]
Tero Karras, Timo Aila, Samuli Laine, and Jaakko Lehtinen. 2017. Progressive growing of gans for improved quality, stability, and variation. arXiv preprint arXiv:1710.10196 (2017).
[22]
Sekar Kulandaivel, Tushar Goyal, Arnav Kumar Agrawal, and Vyas Sekar. 2019. CANvas: Fast and Inexpensive Automotive Network Mapping. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA. https://www.usenix.org/conference/usenixsecurity19/presentation/kulandaivel
[23]
Zinan Lin, Alankar Jain, Chen Wang, Giulia Fanti, and Vyas Sekar. 2019. Generating High-fidelity, Synthetic Time Series Datasets with DoppelGANger. arXiv preprint arXiv:1909.13403 (2019).
[24]
Zinan Lin, Kiran Koshy Thekumparampil, Giulia Fanti, and Sewoong Oh. 2019. InfoGAN-CR: Disentangling Generative Adversarial Networks with Contrastive Regularizers. arXiv preprint arXiv:1906.06034 (2019).
[25]
Charlie Miller and Chris Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. Black Hat USA 2015 (2015), 91.
[26]
Mehdi Mirza and Simon Osindero. 2014. Conditional generative adversarial nets. arXiv preprint arXiv:1411.1784 (2014).
[27]
Soo-Jin Moon, Jeffrey Helt, Yifei Yuan, Yves Bieri, Sujata Banerjee, Vyas Sekar, Wenfei Wu, Mihalis Yannakakis, and Ying Zhang. 2019. Alembic: Automated Model Inference for Stateful Network Functions. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19). USENIX Association, Boston, MA, 699--718. https://www.usenix.org/conference/nsdi19/presentation/moon
[28]
Saul B Needleman and Christian D Wunsch. 1970. A general method applicable to the search for similarities in the amino acid sequence of two proteins. Journal of molecular biology 48, 3 (1970), 443--453.
[29]
Masatoshi Nei, Fumio Tajima, and Yoshio Tateno. 1983. Accuracy of estimated phylogenetic trees from molecular data. Journal of molecular evolution 19, 2 (1983), 153--170.
[30]
Nicholas A Nystrom, Michael J Levine, Ralph Z Roskies, and J Scott. 2015. Bridges: a uniquely flexible HPC resource for new communities and data analytics. In Proceedings of the 2015 XSEDE Conference: Scientific Advancements Enabled by Enhanced Cyberinfrastructure. ACM, 30.
[31]
Vern Paxson. 2001. An Analysis of Using Reflectors for Distributed Denial-of-service Attacks. SIGCOMM Comput. Commun. Rev. 31, 3 (July 2001), 38--47. https://doi.org/10.1145/505659.505664
[32]
Luis Pedrosa, Ari Fogel, Nupur Kothari, Ramesh Govindan, Ratul Mahajan, and Todd Millstein. 2015. Analyzing Protocol Implementations for Interoperability. In Proceedings of the 12th USENIX Conference on Networked Systems Design and Implementation (NSDI'15). USENIX Association, Berkeley, CA, USA, 485--498. http://dl.acm.org/citation.cfm?id=2789770.2789804
[33]
Luis Pedrosa, Rishabh Iyer, Arseniy Zaostrovnykh, Jonas Fietz, and Katerina Argyraki. 2018. Automated Synthesis of Adversarial Workloads for Network Functions. In Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication (SIGCOMM '18). ACM, New York, NY, USA, 372--385. https://doi.org/10.1145/3230543.3230573
[34]
Theofilos Petsios, Jason Zhao, Angelos D. Keromytis, and Suman Jana. 2017. SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS '17). ACM, New York, NY, USA, 2155--2168. https://doi.org/10.1145/3133956.3134073
[35]
Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, and Suman Jana. 2019. Neuzz: Efficient fuzzing with neural program learning. In 2019 IEEE Symposium on Security and Privacy (SP).
[36]
Suphannee Sivakorn, George Argyros, Kexin Pei, Angelos D. Keromytis, and Suman Jana. 2017. HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations. In Proceedings of the 38th IEEE Symposium on Security & Privacy. San Jose, CA.
[37]
Temple F Smith, Michael S Waterman, et al. 1981. Identification of common molecular subsequences. Journal of molecular biology 147, 1 (1981), 195--197.
[38]
John Towns, Timothy Cockerill, Maytal Dahan, Ian Foster, Kelly Gaither, Andrew Grimshaw, Victor Hazlewood, Scott Lathrop, Dave Lifka, Gregory D Peterson, et al. 2014. XSEDE: accelerating scientific discovery. Computing in Science & Engineering 16, 5 (2014), 62--74.
[39]
Yipeng Wang, Xiaochun Yun, M Zubair Shafiq, Liyan Wang, Alex X Liu, Zhibin Zhang, Danfeng Yao, Yongzheng Zhang, and Li Guo. 2012. A semantics aware approach to automated reverse engineering unknown protocols. In 2012 20th IEEE International Conference on Network Protocols (ICNP). IEEE, 1--10.
[40]
Zhiqiang Wang, Yuqing Zhang, and Qixu Liu. 2013. RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing. TIIS 7 (2013), 1989-2009.
[41]
Maverick Woo, Sang Kil Cha, Samantha Gottlieb, and David Brumley. 2013. Scheduling Black-box Mutational Fuzzing. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS '13). ACM, New York, NY, USA, 511--522. https://doi. org/10.1145/2508859.2516736
[42]
Michal Zalewski. 2014. American fuzzy lop. (2014). http://lcamtuf.coredump.cx/afl/

Cited By

View all
  • (2023)AdFAT: Adversarial Flow Arrival Time Generation for Demand-Oblivious Data Center Networks2023 19th International Conference on Network and Service Management (CNSM)10.23919/CNSM59352.2023.10327896(1-5)Online publication date: 30-Oct-2023
  • (2023)Illuminating the hidden challenges of data-driven CDNsProceedings of the 3rd Workshop on Machine Learning and Systems10.1145/3578356.3592574(94-103)Online publication date: 8-May-2023
  • (2023)ResolFuzz: Differential Fuzzing of DNS ResolversComputer Security – ESORICS 202310.1007/978-3-031-51476-0_4(62-80)Online publication date: 25-Sep-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
HotNets '19: Proceedings of the 18th ACM Workshop on Hot Topics in Networks
November 2019
176 pages
ISBN:9781450370202
DOI:10.1145/3365609
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 November 2019

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

HotNets '19
Sponsor:
HotNets '19: The 18th ACM Workshop on Hot Topics in Networks
November 13 - 15, 2019
NJ, Princeton, USA

Acceptance Rates

Overall Acceptance Rate 110 of 460 submissions, 24%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)102
  • Downloads (Last 6 weeks)13
Reflects downloads up to 27 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2023)AdFAT: Adversarial Flow Arrival Time Generation for Demand-Oblivious Data Center Networks2023 19th International Conference on Network and Service Management (CNSM)10.23919/CNSM59352.2023.10327896(1-5)Online publication date: 30-Oct-2023
  • (2023)Illuminating the hidden challenges of data-driven CDNsProceedings of the 3rd Workshop on Machine Learning and Systems10.1145/3578356.3592574(94-103)Online publication date: 8-May-2023
  • (2023)ResolFuzz: Differential Fuzzing of DNS ResolversComputer Security – ESORICS 202310.1007/978-3-031-51476-0_4(62-80)Online publication date: 25-Sep-2023
  • (2020)Generative Deep Learning for Internet of Things Network Traffic Generation2020 IEEE 25th Pacific Rim International Symposium on Dependable Computing (PRDC)10.1109/PRDC50213.2020.00018(70-79)Online publication date: Dec-2020

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media