Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security Practice and Experience

ISPEC 2010: Information Security, Practice and Experience pp 172–186Cite as

Rate-Based Watermark Traceback: A New Approach

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6047))

Abstract

Network based intrusions have become a serious threat to Internet users. Despite many sophisticated defense techniques, attacks continue to increase. At present, in order to hide the source of the attack, many attackers prefer a stepping stone to launch their attack due to the anonymous nature of the Internet. The size, header and content of an IP packet will be changed because of the stepping stone and all these changes make it more difficult to trace the source of attacks. Currently, researchers study the time interval between IP packets and embed the watermark into the packet stream by adjusting the time interval between IP packets to trace the source of attacks. In this paper we study the previous watermarking schemes based on inter packet delay and propose a novel watermark scheme based on the rate of packets. For the first time we used weak signal detection model and cluster technology to resume the watermark, so as to avoid the present schemes which are based on precision time synchronization or packet number. Simulation tests show that the novel watermark is robust and can countermine the time perturbation, packet losing perturbation and packet padding perturbation caused by an attacker on purpose.

The work is supported by the National Natural Science Foundation of China under Grant No. 70890084/G021102; and the National High-Tech Research and Development Plan of China under Grant No. 2006AA01Z454.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Sekar, V., Xie, Y., Maltz, D., Reiter, M., Zhang, H.: Toward a framework for internet forensic analysis. In: Proc. of ACM HotNets-III (2004)

    Google Scholar 

  2. Yaar, A., Perrig, A., Song, D.: FIT: fast internet traceback. In: Proceedings IEEE INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 2 (2005)

    Google Scholar 

  3. Strayer, W., Jones, C., Schwartz, B., Mikkelson, J., Livadas, C., Technol, B., Cambridge, M.: Architecture for multi-stage network attack traceback. In: The IEEE Conference on Local Computer Networks, 2005. 30th Anniversary, p. 8 (2005)

    Google Scholar 

  4. Wang, X., Reeves, D., Wu, S.: Inter-packet delay based correlation for tracing encrypted connections through stepping stones. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 244–263. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  5. Wang, X., Chen, S., Sybase, I., Dr, O., Jajodia, S.: Network flow watermarking attack on low-latency anonymous communication systems

    Google Scholar 

  6. Pyun, Y., Park, Y., Wang, X., Reeves, D., Ning, P.: Tracing traffic through intermediate hosts that repacketize flows. In: IEEE INFOCOM 2007. 26th IEEE International Conference on Computer Communications, pp. 634–642 (2007)

    Google Scholar 

  7. Zhang, L., Persaud, A., Johnson, A., Guan, Y.: Detection of stepping stone attack under delay and chaff perturbations. In: 25th IEEE International Performance, Computing, and Communications Conference, IPCCC 2006, p. 10 (2006)

    Google Scholar 

  8. Wang, X., Reeves, D.: Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays. In: Proceedings of the 10th ACM conference on Computer and communications security, pp. 20–29. ACM, New York (2003)

    Chapter  Google Scholar 

  9. Donoho, D., Flesia, A., Shankar, U., Paxson, V., Coit, J., Staniford, S.: Multiscale stepping-stone detection: Detecting pairs of jittered interactive streams by exploiting maximum tolerable delay. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 17–35. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  10. Wang, X.: Tracing intruders behind stepping stones. PhD thesis (2004)

    Google Scholar 

  11. Staniford-Chen, S., Heberlein, L.: Holding intruders accountable on the internet. In: 1995 IEEE Symposium on Security and Privacy, Proceedings, pp. 39–49 (1995)

    Google Scholar 

  12. Zhang, Y., Paxson, V.: Detecting stepping stones. In: Proceedings of the 9th USENIX Security Symposium, pp. 171–184 (2000)

    Google Scholar 

  13. He, T., Tong, L.: Detecting encrypted stepping-stone connections. IEEE Transactions on Signal Processing, Part 1 55(5), 1612–1623 (2007)

    Article  MathSciNet  Google Scholar 

  14. Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th conference on USENIX Security Symposium, vol. 13, p. 21. USENIX Association, Berkeley (2004)

    Google Scholar 

  15. Yu, W., Fu, X., Graham, S., Xuan, D., Zhao, W.: Dsss-based flow marking technique for invisible traceback. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 18–32 (2007)

    Google Scholar 

  16. Peng, P., Ning, P., Reeves, D.: On the secrecy of timing-based active watermarking trace-back techniques

    Google Scholar 

  17. Helstrom, C.: Statistical theory of signal detection. Pergamon Press, Oxford (1968)

    Google Scholar 

  18. Dembele, D., Kastner, P.: Fuzzy C-means method for clustering microarray data (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The State Key Laboratory of Information Security, Graduate University of, Chinese Academy of Sciences, China

    Zongbin Liu & Jiwu Jing

  2. The Pennsylvania State University, University Park, USA

    Peng Liu

Authors
  1. Zongbin Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jiwu Jing
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Peng Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Information Security Engineering, Soonchunhyang University, 646 Eupnae-ri, Shinchang-myun, Asan-si, 336-745, Chungcheongnam-do, Korea

    Jin Kwak

  2. School of Information Systems, Singapore Management University, 469 Bukit Timah Road, 259756, Singapore

    Robert H. Deng

  3. Internet and Security Policy Division, Korea Internet and Security Agency, Daedong B/D, Garak-dong 79-3, Songpa-gu, 138-950, Seoul, Korea

    Yoojae Won

  4. School of Computer Science, University of Birmingham, B15 2TT, Birmingham, UK

    Guilin Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, Z., Jing, J., Liu, P. (2010). Rate-Based Watermark Traceback: A New Approach. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds) Information Security, Practice and Experience. ISPEC 2010. Lecture Notes in Computer Science, vol 6047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12827-1_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-12827-1_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12826-4

  • Online ISBN: 978-3-642-12827-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation