A variety of remote sensing attacks allow adversaries to break flow confidentiality and gather mission-critical information in distributed systems. Such attacks are easily supplemented by active probing attacks, where additional workload (e.g., ping packets) is injected into the victim system. This paper presents statistical pattern recognition as a fundamental technology to evaluate the effectiveness of active probing attacks. Our theoretical analysis and empirical results show that even if sophisticated approaches of link padding are used, sample entropy of probing packets' round trip time is an effective and robust feature statistic to discover the user payload traffic rate, which is important for maintaining anonymous communication. Extensive experiments on local network, campus network, and the Internet were carried out to validate the system security predicted by the theoretical analysis. We give some guidelines to reduce the effectiveness of such active probing attacks.
展开▼
