New traffic analysis testbed being created in Information Trust Institute
Jenny Applequist, Information Trust Institute
- Prof. Todd Coleman will recieve equipment from the Air Force to study traffic analysis.
- The equipment will allow Coleman and his team to develop realistic network traffic and study the generated traffic.
- The equipment will also allow researchers to study complex dynamics among multiple network flows and multiple aspects of traffic flow beyond timing.
ECE Assistant Professor Todd Prentice Coleman and Industrial and Enterprise Systems Engineering Assistant Professor Negar Kiyavash, both researchers in the Information Trust Institute (ITI), have long been pursuing research at the cutting edge of information theory and statistical signal processing. Now the Air Force is providing their research team with equipment to build a testbed that they, and other ITI faculty, will be able to use to generate traffic in order to address a broad range of problems related to traffic analysis.
The new award from the U.S. Air Force Office of Scientific Research (AFOSR) will permit the creation of the Traffic Timing Analysis Testbed (TTAT). TTAT will be used to create realistic network traffic. The generated traffic will enable both derivation of accurate analytical models for traffic and validation of robustness of practical schemes to be developed by the researchers.
The testbed will be available to any ITI faculty who need it for their research, which is expected to range from the statistical signal processing work of Kiyavash and Coleman to research on how traffic analysis applies to real-world security and privacy problems, such as work being pursued by ECE Assistant Professor Nikita Borisov. It can also be integrated with the existing validation testbed of ITI's
Trustworthy Cyber Infrastructure for the Power Grid (TCIP) Center as needed to achieve experimental goals.
Kiyavash and Coleman's research area, statistical signal processing, addresses the statistical properties of any kind of signal, such as network traffic, characterized by packet sizes, packet timing, content, and certain other attributes. It provides a mathematical framework for analyzing signals and for making inferences and decisions with certain performance guarantees. Specifically, Kiyavash and Coleman are interested in work on monitoring of network flows. Coleman explained, "We are developing minimally disruptive techniques to monitor and analyze the flow of packets as they propagate through a network, for the purpose of performance monitoring, security analysis, and post-failure forensics, among other applications."
In a related effort, they are working to develop ways to convey information based on timing, roughly analogous to schemes in which communication is achieved through the timing of telephone calls rather than the content of the conversations— schemes in which, for example, placing a phone call at 2:00 p.m. could be a coded way of saying "yes," while a phone call at 3:00 p.m. could mean "no."
The TTAT testbed will make it easier for the researchers to study not just single groups of network packets, but complex dynamics among multiple network flows, and to study multiple aspects of traffic flow beyond just timing.
Kiyavash's broader research interests cover communication and computer security. After completing her graduate coursework, which had a focus on cryptography and information forensics, she became interested in a variety of inference problems over networks, focusing in part on security problems and a methodology to solve them that lies at the interface between information theory and statistical signal processing. The TTAT testbed will give her a crucial new research tool. "Any statistical inference over a network is based on probabilistic models of network traffic," she explained. "These models have to be realistic for the resulting inference methodologies to be sound. This testbed will generate the realistic traffic we need."
Kiyavash described the value of the testbed for her collaborative work with Borisov and Coleman. "To make the mathematics tractable, we often make idealized assumptions about the nature of network traffic." The result can be uncertainty about whether a theoretically sound approach will be robust in real conditions. "The TTAP testbed equipment is going to mimic the real world, allowing us to ensure that protocols and algorithms we develop perform well in real scenarios. It will help us create an important bridge between theory and practice."
Coleman, who also with the Coordinated Science Laboratory as well as the Information Trust Institute at Illinois, will serve as principal investigator of the work under the new award. His co-principal investigators, all of whom are ITI members, include Kiyavash, ECE Professor David Malcolm Nicol, and ECE Professor William H. Sanders, who is also the director of ITI and acting director of the Coordinated Science Laboratory at Illinois. In addition, Borisov will take a leading role in setting up the TTAT testbed and conducting research on it.
The award was provided by the Defense University Research Instrumentation Program (DURIP), a Department of Defense program administered through AFOSR. DURIP was designed specifically to fund the acquisition of research equipment by U.S. institutions of higher education, for the purpose of supporting scientific research and education in areas important to national defense.