Abstract
Network based intrusions have become a serious threat to Internet users. Despite many sophisticated defense techniques, attacks continue to increase. At present, in order to hide the source of the attack, many attackers prefer a stepping stone to launch their attack due to the anonymous nature of the Internet. The size, header and content of an IP packet will be changed because of the stepping stone and all these changes make it more difficult to trace the source of attacks. Currently, researchers study the time interval between IP packets and embed the watermark into the packet stream by adjusting the time interval between IP packets to trace the source of attacks. In this paper we study the previous watermarking schemes based on inter packet delay and propose a novel watermark scheme based on the rate of packets. For the first time we used weak signal detection model and cluster technology to resume the watermark, so as to avoid the present schemes which are based on precision time synchronization or packet number. Simulation tests show that the novel watermark is robust and can countermine the time perturbation, packet losing perturbation and packet padding perturbation caused by an attacker on purpose.
The work is supported by the National Natural Science Foundation of China under Grant No. 70890084/G021102; and the National High-Tech Research and Development Plan of China under Grant No. 2006AA01Z454.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Sekar, V., Xie, Y., Maltz, D., Reiter, M., Zhang, H.: Toward a framework for internet forensic analysis. In: Proc. of ACM HotNets-III (2004)
Yaar, A., Perrig, A., Song, D.: FIT: fast internet traceback. In: Proceedings IEEE INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 2 (2005)
Strayer, W., Jones, C., Schwartz, B., Mikkelson, J., Livadas, C., Technol, B., Cambridge, M.: Architecture for multi-stage network attack traceback. In: The IEEE Conference on Local Computer Networks, 2005. 30th Anniversary, p. 8 (2005)
Wang, X., Reeves, D., Wu, S.: Inter-packet delay based correlation for tracing encrypted connections through stepping stones. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 244–263. Springer, Heidelberg (2002)
Wang, X., Chen, S., Sybase, I., Dr, O., Jajodia, S.: Network flow watermarking attack on low-latency anonymous communication systems
Pyun, Y., Park, Y., Wang, X., Reeves, D., Ning, P.: Tracing traffic through intermediate hosts that repacketize flows. In: IEEE INFOCOM 2007. 26th IEEE International Conference on Computer Communications, pp. 634–642 (2007)
Zhang, L., Persaud, A., Johnson, A., Guan, Y.: Detection of stepping stone attack under delay and chaff perturbations. In: 25th IEEE International Performance, Computing, and Communications Conference, IPCCC 2006, p. 10 (2006)
Wang, X., Reeves, D.: Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In: Proceedings of the 10th ACM conference on Computer and communications security, pp. 20–29. ACM, New York (2003)
Donoho, D., Flesia, A., Shankar, U., Paxson, V., Coit, J., Staniford, S.: Multiscale stepping-stone detection: Detecting pairs of jittered interactive streams by exploiting maximum tolerable delay. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 17–35. Springer, Heidelberg (2002)
Wang, X.: Tracing intruders behind stepping stones. PhD thesis (2004)
Staniford-Chen, S., Heberlein, L.: Holding intruders accountable on the internet. In: 1995 IEEE Symposium on Security and Privacy, Proceedings, pp. 39–49 (1995)
Zhang, Y., Paxson, V.: Detecting stepping stones. In: Proceedings of the 9th USENIX Security Symposium, pp. 171–184 (2000)
He, T., Tong, L.: Detecting encrypted stepping-stone connections. IEEE Transactions on Signal Processing, Part 1 55(5), 1612–1623 (2007)
Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th conference on USENIX Security Symposium, vol. 13, p. 21. USENIX Association, Berkeley (2004)
Yu, W., Fu, X., Graham, S., Xuan, D., Zhao, W.: Dsss-based flow marking technique for invisible traceback. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 18–32 (2007)
Peng, P., Ning, P., Reeves, D.: On the secrecy of timing-based active watermarking trace-back techniques
Helstrom, C.: Statistical theory of signal detection. Pergamon Press, Oxford (1968)
Dembele, D., Kastner, P.: Fuzzy C-means method for clustering microarray data (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Liu, Z., Jing, J., Liu, P. (2010). Rate-Based Watermark Traceback: A New Approach. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds) Information Security, Practice and Experience. ISPEC 2010. Lecture Notes in Computer Science, vol 6047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12827-1_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-12827-1_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12826-4
Online ISBN: 978-3-642-12827-1
eBook Packages: Computer ScienceComputer Science (R0)