Machine Learning Empowered Cyber Attack and Defense

Artificial Intelligence plays a more vital role in understanding threats, vulnerabilities, and security policies in today’s network. In this talk, two works on machine learning empowered cyber attack and defense will be discussed. In the first work, we aim at thwarting malicious efforts (i.e., adversarial, active end-to-end network measurement) targeting the inference of network topology information. Network topology is the fundamental information for building network infrastructure functionalities, such as path routing and packet forwarding. Many network applications require prior knowledge of the topology, especially for applications built on top of overlay network techniques, such as P2P, VPN, CDN and VoIP. However, adversaries may also take advantage of available topology information to advance their malicious objectives, leading to more precise and effective attacks. Herein, we propose a proactive topology obfuscation system that adopts a detect-then-obfuscate framework: (i) a lightweight machine learning empowered probing behavior identification mechanism is designed to detect any probing behavior, and then (ii) a topology obfuscation design is developed to proactively delay all identified probe packets in a way such that the attacker will obtain a structurally accurate yet fake network topology. The second work focuses on adversarial activity inferring on encrypted network traffic. Wireless communications have become an intrinsic part of many critical applications in both civilian and military networks. Due to the open channel nature, wireless networks are vulnerable to eavesdropping attacks. Though wireless conversation can be encrypted against eavesdropping, it has been shown that the encrypted traffic may still reveal user’s activities via traffic analysis. In this work, we propose a machine learning empowered smart spying strategy that can accurately infer a user’s sensitive activities from the encrypted wireless traffic.