A Game-Theoretically Optimal Defense Paradigm against Traffic Analysis Attacks using Multipath Routing and Deception

While encryption can protect network traffic against simple on-path eavesdropping attacks, it cannot prevent sophisticated traffic analysis (TA) attacks from inferring sensitive information. TA attackers utilize machine learning algorithms to learn the traffic patterns of a communication (e.g., a website visit) and then use these learned patterns to accurately identify similar communications (which website is being visited by a targeted user), even though packets are encrypted. In this paper, we propose a novel and effective defense approach to protect users' privacy against TA attacks. The proposed approach is based on two proactive defense paradigms: multipath routing and deception. The route randomization strategy distributes packets of a flow on multiple paths between a source and destination to restrict the amount of traffic that a TA adversary can collect from a flow. The deception strategy augments the randomization strategy by injecting fake packets among the real packets of a flow on different paths. Our focal research problem is to identify the optimal strategies for how real and fake packets must be distributed on multiple paths with different capacities to achieve maximum effectiveness against TA attacks. We formalize the problem as a zero-sum game and show that the water-filling distribution of real and fake packets provides an optimal defense solution. Through theoretical and experimental studies, we demonstrate that the proposed approach can significantly degrade the accuracy of the TA attacks. Unlike other defensive approaches in the literature, our approach works without manipulating the production traffic (e.g., delaying packets or padding), or requiring any real-time information about the protected traffic flows.