Special Issue on Multimedia Information Security

Adaptive Network Flow Watermarking Detection Scheme Based on Joint Centroid Entropy

  • 1. School of Automation, Nanjing University of Science and Technology, Nanjing 210094, China;
    2. Intelligence Division, The 10th Research Institute of China Electronic Technology Group Corporation, Chengdu 610036, China;
    3. School of Electronics and Information, Jiangsu University of Science and Technology, Zhenjiang 212003, Jiangsu Province, China

Received date: 2018-01-31

Online published: 2018-03-31

Funding

Supported by the National Natural Science Foundation of China (No.61472188, No.61602247, No.61702235, No.1636117); the Natural Science Foundation of Jiangsu Province (No.BK20150472, No.BK20160840); the National Key Technology R&D Program of China (No.2014BAH41B01); the CCF-Venustech "Hongyan" Research Fund (No.201611); and the Fundamental Research Funds for the Central Universities (No.30920140121006, No.30915012208).

Abstract

Considering the differences of flow watermarking across various types of complex network traffic, a new pre-grouping mechanism based on total packet number, average packet interval and byte symmetry is designed. On this basis, an adaptive network flow watermarking detection scheme based on joint centroid entropy is proposed, exploiting the statistical variation of network traffic that is caused by interval-based flow watermarking. Experimental results on different types of traffic in the anonymous communication system Tor show that the proposed method can achieve higher detection accuracy for random multi-key interval centroid based watermarking.

Cite this article

Shi Jin, Li Qiankun, Liu Weiwei, Liu Guangjie, Dai Yuewei. Adaptive network flow watermarking detection scheme based on joint centroid entropy[J]. Journal of Applied Sciences, 2018, 36(2): 383-392. DOI: 10.3969/j.issn.0255-8297.2018.02.016

