On the detection of card-sharing traffic through wavelet analysis and Support Vector Machines

In the last years, the interest in methods and techniques for circumventing the security of the available digital video broadcasting systems is continuously increasing. Digital TV providers are struggling to restrict access to their video contents only to authorized users, by deploying more and more sophisticated conditional access systems. At the state-of-the-art, the most significant menace is the card-sharing activity which exploits a known weakness allowing an authorized subscriber to provide access to digital contents to a potentially large group of unauthorized ones connected over a communication network. This is usually realized by using ad hoc customized devices. Detecting the presence of these illegal systems on a network, by recognizing their related traffic is an issue of primary importance. Unfortunately, to avoid the identification of such traffic, payload obfuscation strategies based on encryption are often used, hindering packet inspection techniques.This paper presents a strategy for the detection of card-sharing traffic, empowered by machine-learning-driven traffic classification techniques and based on the natural capability of wavelet analysis to decompose a traffic time series into several component series associated with particular time and frequency scales and hence allowing its observation at different frequency component levels and with different resolutions. These ideas have been used for the proof-of-concept implementation of an SVM-based binary classification scheme that relies only on time regularities of the traffic and not on the packet contents and hence is immune to payload obfuscation techniques.