Noise Tolerant Symbolic Learning of Markov Models of Tunneled Protocols

Bhanu H., Schwier J., Craven R., Ozcelik I., Griffin C., Brooks R. R.

7th IEEE International Wireless Communications and Mobile Computing Conference (IWCMC), İstanbul, Turkey, 4 - 08 July 2011, pp.1310-1314 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume:
  • Doi Number: 10.1109/iwcmc.2011.5982729
  • City: İstanbul
  • Country: Turkey
  • Page Numbers: pp.1310-1314
  • Recep Tayyip Erdoğan University Affiliated: No


Recent research has exposed timing side channel vulnerabilities in many security applications. Hidden Markov models (HMMs) have used timing data to extract passwords from cryptographically protected communications tunnels. We extend that work to show how HMM models of protocols can be extracted directly from observations of protocol timing artifacts with no a priori knowledge. Since our approach uses symbolic reasoning, an important question is how to best translate continuous data observations to symbolic data. This translation is problematic when observation variance makes continuous to symbolic translation unreliable. We examine this problem and show that the HMMs we infer compensate automatically for significant observation jitter and symbol misclassification. Experimental verification is presented.