针对流量伪装成本高、伪装相似度低等问题,提出一种基于蒙特卡罗的流量伪装方法. 通过对所处网络环境的常规流量进行统计分析,获取多重动态特征并建立概率分布过程,利用随机数对已知概率分布抽样,产生动态特征序列并构造伪装流量. 理论分析表明,该方法无需部署额外的重路由节点且伪装过程不产生分散数据,可在保证伪装生成效率的前提下降低伪装成本,提高网络性能. 实验表明,该方法可降低流量检测的准确度及可信度,与现有包填充方法相比,伪装相似度也有较大改善.
Heavy camouflage cost and low camouflage similarity are major problems in the traffic camouflage research. Network traffic camouflage based on the Monte Carlo method is proposed to deal with the problems. To acquire multiple dynamic characteristics and establish the probability distribution, the normal traffic is analyzed. The given probability distribution is then sampled with the generated random numbers to determine the dynamic characteristic sequences and construct the camouflage traffic flow. Theoretical analysis indicates that no extra rerouting nodes are deployed and no dispersion traffic generated. The network cost is reduced, the transport performance improved, and the efficiency guaranteed. Experiments show that the method can degrade the detection accuracy and reliability. Compared to the packet padding method, camouflage similarity is well improves.
[1] 张连成,王振兴,苗甫. 网络流量伪装技术研究 [J]. 计算机应用研究,2011, 28(7): 2418-2423.
ZHANG Liancheng, WANG Zhenxing, MIAO Fu. Survey on network traffic camouflaging [J]. Application Research of Computers, 2011, 28(7): 2418-2423. (in Chinese)
[2] GUAN Y. A study on countermeasures against traffic analysis attacks [D]. (Texas A&M University,德州农工大学) Texas A&M University, 2002.
[3] WANG X Y, CHEN S, JAJODIA S. Network flow watermarking attack on low-latency anonymous communication systems [C]//IEEE Symposium on Security and Privacy, Oakland, USA, 2007: 116-130.
[4] ZLATOKRILOV H, LEVY H. Session privacy enhancement by traffic dispersion[C]//IEEE International Conference on Computer Communications 2006, Barcelona, Catalunya, Spain, 2006:1-12.
[5] BOHACEK S, HESPANHA J P, OBRACZKA K, LEE J, LIM C. Enhancing security via stochastic routing [C]//11th International conference on computer communication and networks, Newark, DE, USA, 2002: 58-62.
[6] FU X W, GRAHAM B, BETTATI R, ZHAO W. On effectiveness of link padding for statistical traffic analysis attacks [C]// International Conference on Distributed Computing SystemS. 2003, Providence, USA, 2003: 45-52.
[7] GUAN Y, FU X W, XUAN D, BETTATI R, ZHAO W. Netcamo: camouflaging network traffic for qos-guaranteed mission critical applications [J]. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, 2001, 31(4): 253-265.
[8] LE MALECOT E. Mitibox: camouflage and deception for network scan mitigation [C]//The 4th USENIX Conference on Hot Topics in Security, Montreal, Canada, 2009: 4-9.
[9] LIU D X, CHI C H, LI M. Normalizing traffic pattern with anonymity for mission critical applications [C]//The 37th Annual Simulation Symposium, Arlington, VA, USA, 2004: 293-299.
[10] 胡文心. 网络流量规范化的流量伪装模型的研究 [D]. 上海:华东师范大学,2006.
HU Wenxin. The model and implementation of normalizing network traffic pattern with anonymity for mission critical applications [D]. East China Normal University, 2006. (in Chinese)
[11] DANEZIS G, CLAYTON R. Introducing traffic analysis: attacks, defences and public policy issues [M]. Digital Privacy: Theory, Technologies, and Practices. Auerbach Publications, 2007:95-117.
[12] BISSIAS G D, LIBERATORE M, JENSEN D, LEVINE B N. Privacy vulnerabilities in encrypted http streams [C]//PET 2005, Dubrovnik, Croatia, 2005: 1-11.
[13] CALLADO A, KAMIENSKI C, SZABÓ G, GERO B P, KELNER J, FERNANDES S, SADOK D. A survey on internet traffic identification [J]. IEEE Communications Surveys & Tutorials, 2009, 11(3): 37-52.
[14] ZHU Y, FU X W, GRAMHAM B, BETTATI R ZHAO W. Correlation-based traffic analysis attacks on anonymity networks [J]. IEEE Transactions on Parallel and Distributed Systems, 2010, 21(7): 54-967.
[15] 徐鹏,林森. 基于C4.5 决策树的流量分类方法[J]. 软件学报,2009, 20(10): 2692-2704.
XU Peng,LIN Sen. Internet traffic classification using C4.5 decision tree [J]. Journal of Software, 2009, 20(10): 2692-2704. (in Chinese)
[16] NEWMAN-WOLFE R. E, VENKATRAMAN B R. Performance analysis of a method for high level prevention of traffic analysis [C]//The 8th Annual Computer Security Applications Conference, San Antonio, USA, 1992: 123-130.
[17] 邵政斌. 流量伪装技术及其成本分析 [D]. 长沙:湖南大学, 2007.
SHAO Zhengbin. Traffic camouflaging technology and its cost analysis [D].Changsha: Hunan University. 2007. (in Chinese)
