中文

Journal of Applied Sciences >

2018 , Vol. 36 >Issue 2: 383 - 392

DOI: https://doi.org/10.3969/j.issn.0255-8297.2018.02.016

Special Issue: Information Security of Multimedia Contents

Adaptive Network Flow Watermarking Detection Scheme Based on Joint Centroid Entropy

Expand
  • 1. School of Automation, Nanjing University of Science and Technology, Nanjing 210094, China;
    2. Intelligence Division, The 10 th Research Institute of China Electronic Technology Group Corporation, Chengdu 610036, China;
    3. School of Electronics and Information, Jiangsu University of Science and Technology, Zhenjiang 212003, Jiangsu Province, China

Received date: 2018-01-31

  Online published: 2018-03-31

Fold

Abstract

Considering the differences of watermarking in various types of complex network trafc, a new pre-grouping mechanism based on total packets number, average packets interval and bytes symmetry is designed. On this basis, an adaptive network flow watermarking detection scheme based on joint centroid entropy is proposed with the exploitation of the statistic variation of network trafc which is caused by interval-based flow watermarking. Experimental results on different types of trafc in anonymous communication system Tor show that the proposed method can achieve higher detection accuracy for random multi-key interval centroid based watermarking.

Key words: joint centroid entropy; anonymous communication; network flow watermarking; pre-grouping

Cite this article

SHI Jin, LI Qian-kun, LIU Wei-wei, LIU Guang-jie, DAI Yue-wei . Adaptive Network Flow Watermarking Detection Scheme Based on Joint Centroid Entropy[J]. Journal of Applied Sciences, 2018 , 36(2) : 383 -392 . DOI: 10.3969/j.issn.0255-8297.2018.02.016

References

[1] Pfitzmann A, Waidner M. Networks without user observability[J]. Computers & Security, 1987, 6(2):158-166.
[2] Dingledine R, Mathewson N, Syverson P. Tor:the second-generation onion router[J]. Proceedings of Usenix Security Symposium, 2004, 40(3):191-212.
[3] Egger C, Schlumberger J, Kruegel C, Vigna G. Practical attacks against the I2P network[C]//International Workshop on Recent Advances in Intrusion Detection. Springer, Berlin, Heidelberg, 2013:432-451.
[4] Boyan J. The anonymizer:protecting user privacy on the web[J]. Computer-Mediated Communication Magazine, 1997:4(9).
[5] Ding W, Hausknecht M J, Huang S H S, Riggle Z. Detecting stepping-stone intruders with long connection chains[C]//2009 Fifth International Conference on Information Assurance and Security. IEEE Computer Society, 2009:665-669.
[6] Houmansadr A, Kiyavash N, Borisov N. Non-blind watermarking of network flows[J]. IEEE/ACM Transactions on Networking, 2014, 22(4):1232-1244.
[7] Wang X, Reeves D. Robust correlation of encrypted attack trafc through stepping stones by flow watermarking[J]. IEEE Transactions on Dependable and Secure Computing, 2011, 8(3):434-449.
[8] Pyun Y J, Park Y H, Wang X, Reeves D S. Tracing trafc through intermediate hosts that repacketize flows[C]//INFOCOM 2007. 26th IEEE International Conference on Computer Communications. IEEE, 2007:634-642.
[9] Houmansadr A, Borisov N. BotMosaic:collaborative network watermark for the detection of IRC-based botnets[J]. Journal of Systems and Software, 2013, 86(3):707-715.
[10] Wang X, Chen S, Jajodia S. Network flow watermarking attack on low latency anonymous communication systems[C]//Proceedings of the 2007 IEEE Symposium on Security and Privacy. IEEE Computer Society, 2007:116-130.
[11] Wang X, Luo J, Yang M. A double interval centroid based watermark for network flow traceback[C]//14th International Conference on Computer Supported Cooperative Work in Design 2010, IEEE, 2010:146-151.
[12] Luo J, Wang X, Yang M. An interval centroid based spread spectrum watermarking scheme for multi-flow traceback[J]. Journal of Network and Computer Applications, 2012, 35(1):60-71.
[13] Houmansadr A, Borisov N. SWIRL:a scalable watermark to detect correlated network flows[C]//Network and Distributed System Security Symposium, 2011.
[14] Iacovazzi A, Elovici Y. Network flow watermarking:a survey[J]. IEEE Communications Surveys & Tutorials, 2017, 19(1):512-530.
[15] Wang R, Xu G, Liu B, Cao Y, Li X. Flow watermarking for antinoise and multistream tracing in anonymous networks[J]. IEEE Multi-media, 2017, 24(4):38-47.
[16] Rezaei F, Houmansadr A. Tagit:tagging network flows using blind fngerprints[J]. Proceedings on Privacy Enhancing Technologies, 2017(4):290-307.
[17] Peng P, Ning P, Reeves D S. On the secrecy of timing-based active watermarking traceback techniques[J]. 2006:334-349.
[18] Kiyavash N, Houmansadr A, Borisov N. Multi-flow attacks against network flow watermarking schemes[C]//Usenix Security Symposium, 2008:307-320.
[19] Luo X, Zhou P, Zhang J, Perdisci R, Lee W. Exposing invisible timing-based trafc watermarks with BACKLIT[C]//Twenty-Seventh Computer Security Applications Conference, 2011:197-206.
[20] Lin Z, Hopper N. New attacks on timing-based network flow watermarks[C]//Usenix Conference on Security Symposium, 2012:381-396.
[21] Gianvecchio S, Wang H. Detecting covert timing channels:an entropy-based approach[C]//ACM Conference on Computer & Communications Security. 2007:307-316.
[22] 李卫,边江,王盈. 动态网络流分类研究[J]. 电子科技大学学报,2007, 36(s3):1508-1511. Li W, Biang J, Wang Y. Research on dynamic network flow classifcation[J]. Journal of University of Electronic Science and Technology of China, 2007, 36(s3):1508-1511.(in Chinese)

Options
Outlines

/