Repeatedly Coding Inter-Packet Delay for Tracking Down Network Attacks

doi:10.23940/ijpe.20.02.p10.265283

Abstract

Abstract:

Attacks against Internet service provider (ISP) networks will inevitably lead to huge social and economic losses. As an active traffic analysis method, network flow watermarking can effectively track attackers with high accuracy and a low false rate. Among them, inter-packet delay (IPD) embeds and extracts watermarks relatively easily and effectively, and it has attracted much attention. However, the performance of IPD is badly affected when networks have perturbations with high packet loss rate or packet splitting. This paper provides an approach to improve the robustness of IPD by repeatedly coding the inter-packet delay (RCIPD), which can smoothly handle situations with packet splitting and merging. This paper proposes applying the Viterbi algorithm to obtain the convolutional code of a watermark such that the impact of network perturbation on the watermark can be worked off; applying the harmony schema, which controls the rhythm and embeds RCIPD bits into network flow, to improve the invisibility of watermarking; and applying K-means to identify dynamically bits of the watermark that may change the intervals due to the latency of networks. A cyclic-similarity algorithm (CSA) is designed to separate the repeated coding and eventually obtain the watermark. Experiments are carried out to compare RCIPD with other three schemas. The results show that the proposed approach is more robust, especially in the case of packet splitting.

Key words: network attack tracking, network flow watermarking, repeatedly coding inter-packet Delay, Viterbi coding, K-means, harmony schema

Lian Yu, Lei Zhang, Cong Tan, Bei Zhao, Chen Zhang, and Lijun Liu. Repeatedly Coding Inter-Packet Delay for Tracking Down Network Attacks [J]. Int J Performability Eng, 2020, 16(2): 265-283.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References 38.

1.	G. Forney, “Convolutional codes I: Algebraic structure,” Journal of IEEE Transactions on Information Theory, Vol. 16, No. 6, pp. 720- 738, December 1970
2.	J. A.Hartigan and M. A. Wong, “A K-means clustering algorithm,” Journal of Computer Networks, Vol. 28, No. 1, pp. 100- 108, April 2013
3.	A. J. Viterbi, “Viterbi Algorithm,” 1st Edition, Encyclopedia of Telecommunications, 2003
4.	R. W. Hamming, “Error Detecting and Error Correcting Codes,” Journal of Bell System Technical Journal, Vol. 29, No. 2, pp. 147- 160, April 1950
5.	L. Zhang, Y. Kong, Y. Guo, J. Yan and Z. Wang, “Survey on network flow watermarking: model, interferences, applications, technologies and security,” Journal of IET Communications, Vol. 12, No. 14, pp. 1639- 1648, May 2018
6.	Z. Yi, L. Pan and X. Wang, “IP Traceback Using Digital Watermark and Honeypot,” in Proceedings of the International Conference on Ubiquitous Intelligence and Computing, pp.426-438, Berlin, Heidelberg, 2008
7.	X. Wang, J. Jiang and L. Bai, “SWATS: A Lightweight VANET Anonymous Traceback System Based on Random Superposition Watermarking,” in Proceedings of the 2018 IEEE International Conference on SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation, pp.748-755, Guangzhou, China, October 2018
8.	Y. Jing, P. Tu, X. Wang and G. Zhang, “Distributed-log-based scheme for IP traceback,” in Proceedings of the 5th ACM International Conference on Computer and Information Technology, pp.711-715, Shanghai, China, November 2005
9.	E. Hilgenstieler, E. P. Duarte, G. Mansfield-Keeni and N. Shiratori, “Extensions to the source path isolation engine for precise and efficient log-based IP traceback,” Journal of Computers & Security, Vol. 29, No. 4, pp. 383- 392, June 2010
10.	J. Shi, L. Zhang, S. Yin, W. Liu, J. Zhai, G. Liu and Y. Dai, “A Comprehensive Analysis of Interval Based Network Flow Watermarking,” in Proceedings of the 4th International Conference on Cloud Computing and Security, pp.72-84, Haikou, China, June 2018
11.	A. Iacovazzi, S. Sarda and D. Frassinelli, “DropWat: An Invisible Network Flow Watermark for Data Exfiltration Traceback,” Journal of IEEE Transactions on Information Forensics and Security, Vol. 13, No. 5, pp. 1139-1154, May 2017
12.	R. Stone, “CenterTrack: An IP overlay network for tracking DoS floods,” in Proceedings of the 9th Conference on USENIX Security Symposium, pp.114, Colorado, USA, August 2000
13.	T. Baba and S. Matsuda, “Tracing network attacks to their sources,” Journal of IEEE Internet Computing, Vol. 6, No. 2, pp. 0-26, April 2002
14.	D. Song and A. Perrig, “Advanced and authenticated marking schemes for IP traceback,” in Proceedings of the 12th IEEE International Conference on Computer and Communications Society, pp.878-886, Alaska, USA, Februray 2001
15.	A. Belenky, “IP traceback with deterministic packet marking,” Journal of IEEE Comm Letters, Vol. 7, No. 4, pp. 162- 164, May 2003
16.	M. T. Goodrich, “Efficient packet marking for large-scale IP traceback,” in Proceedings of the 9th ACM International Conference on Computer and Communications Security, pp.18-22, Washington, USA, November 2002
17.	A. Lazarevic, L. Ertoz and V. Kumar, “A comparative study of anomaly detection schemes in network intrusion detection,” in Proceedings of the 2003 SIAM International Conference on Data Mining. Society for Industrial and Applied Mathematics, pp.25-36, San Francisco, USA, May 2003
18.	Lopez, R. Diego, John, Wolfgang, Olovsson and Tomas, “Detection of malicious traffic on back‐bone links via packet header analysis,” Journal of Campus-Wide Information Systems, Vol. 25, No. 5, pp. 342- 384, January November 2008
19.	N. Venkatesu, V. D.Chakravarthy and D. Sathya, “An Effective Defense Against Distributed Denial of Service in GRID,” in Proceedings of the 1st IEEE International Conference on Emerging Trends in Engineering and Technology, pp.373-378, Maharashtra, India, July 2008
20.	N. Wu, Z. Mu,L. Zhang, “Distributed Denial of Service Covert Flow Detection Based on Data Stream Potential Energy Feature,” Journal of Computer Engineering, Vol. 41, No. 3, pp. 142- 146, March 2015
21.	W. Cheng, J. Zhao and P. Wu, “Network traffic detection and analysis based on big data flow,” Journal of Journal of Nanjing University of Science & Technology, Vol. 41, No. 3, pp. 294- 300, June 2017
22.	Y. Zhang and Q. Shen, “Data Flow Control Algorithm based on Feature Matching in Mobile P2P Network,” Journal of Journal of Networks, Vol. 8, No. 5, pp. 1146, May 2013
23.	B. Jonsson, “A fully abstract trace model for dataflow and asynchronous networks,” Journal of Distributed Computing, Vol. 7, No. 4, pp. 197-212, May 1994
24.	A. Iacovazzi and Y. Elovici, “Network Flow Watermarking: A Survey,” Journal of IEEE Communications Surveys & Tutorials, Vol. 19, No. 1, pp. 512- 530, September 2016
25.	T. Lu, R. Guo, L. Zhao and Y. Li, “A Systematic Review of Network Flow Watermarking In Anonymity Systems,” Journal of International Journal of Security and Its Applications, Vol. 10, No. 3, pp. 129- 138, October 2016
26.	X. Wang, D. S.Reeves and S. Wu, “Sleepy watermark tracing: An active network-based intrusion response framework,” in Proceedings of the 22nd International Conference on International Information Security Conference, pp.369-348, Boston, USA, June 2001
27.	S. Kent and R. Atkinson, “IP encapsulating security payload (ESP),” 1st Edition, RFC Editor, 1995
28.	A. Iacovazzi and A. Baiocchi, “Optimum packet length masking,” in Proceedings of the 22nd International Conference on Teletraffic Congress, pp.1-8, Amsterdam, The Netherlands, October 2010
29.	L. Zhang, Z. Wang, Q. Wang,F. Miao, “MSAC and multiflow attacks resistant spread spectrum watermarks for network flows,” in Proceedings of the 2nd IEEE International Conference on Information & Financial Engineering, pp.438-441, Chongqing, China, September 2010
30.	Z. Liu, J. Jing and P. Liu, “Rate-based watermark traceback: A new approach,” in Proceedings of the 6th International Conference on Information Security Practice & Experience, pp.172-186, Seoul, South Korea, May 2010
31.	X. Wang and D. S. Reeves, “Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays,” in Proceedings of the 10th ACM International Conference on Computer and Communications Security, pp.20-29, Washington, DC, USA, October 2003
32.	Y. H.Park and D. S. Reeves, “Adaptive timing-based active watermarking for attack attribution through stepping stones,” in Proceedings of the 2nd International Conference on Security in Distributed Computing Systems, pp.107-113, Washington, USA, June 2005
33.	Z. Pan, H. Peng and X. Long, “A watermarking-based host correlation detection scheme,” in Proceedings of the 2009 International Conference on Management of e-Commerce and e- Government, pp.393-497, Nanchang, China, September 2009
34.	X. Wang, S. Chen and S. Jajodia, “Tracking anonymous peer-to-peer voip calls on the internet,” in Proceedings of the 12th ACM International Conference on Computer and Communications Security, pp.81-94, Alexandra, USA, November 2005
35.	A. Houmansadr, N. Kiyavash and N. Borisov, “Non-blind watermarking of network flows,” Journal of IEEE/ACM Transactions on Networking, Vol. 22, No. 4, pp. 1232- 1244, August 2014
36.	A. Houmansadr and N. Borisov, “Towards improving network flow watermarking using the repeat-accumulate codes,” in Proceedings of the 2011 IEEE International Conference on Acoustics, Speech and Signal Processing, pp.1852-1855, Prague, Czech Republic, May 2011
37.	Y. J. Pyun, Y. H. Park, X. Wang, D. S.Reeves and P. Ning, “Tracing traffic through intermediate hosts that repacketize flows,” in Proceedings of the 26th IEEE International Conference on Computer Communications, pp.634-642, Anchorage, USA, May 2007
38.	Y. J. Pyun, Y. H. Park, D. S. Reeves, X. Wang and P. Ning, “Interval-based flow watermarking for tracing interactive traffic,” Journal of Computer Networks, Vol. 56, No. 5, pp. 1646- 1665, January 2012

[1]	Deepak Kumar, Chaman Verma, Purushottam Sharma, Deeksha Kumari, and Zoltán Illés. Demographic and Clinical Factors Role Identification in Stroke Risk and Subtype Prediction [J]. Int J Performability Eng, 2023, 19(6): 368-378.
[2]	Ashima Arya and Sanjay Kumar Malik. Software Fault Prediction using K-Mean-Based Machine Learning Approach [J]. Int J Performability Eng, 2023, 19(2): 133-143.
[3]	Arvind Kumar Mishra, Renuka Nagpal, Kirti Seth, and Rajni Sehgal. Maintainability of Service-Oriented Architecture using Hybrid K-means Clustering Approach [J]. Int J Performability Eng, 2023, 19(1): 33-42.
[4]	Kai-Wen Chen and Chin-Yu Huang. Automatic Categorization of Software with Document Clustering Methods and Voting Mechanism [J]. Int J Performability Eng, 2022, 18(4): 251-262.
[5]	Kajal Dwivedi, Ramanathan Lakshmanan, and Rajeshkannan Regunathan. K-means Under-Sampling for Hypertension Prediction using NHANES Dataset [J]. Int J Performability Eng, 2021, 17(8): 733-740.
[6]	M. Muzammil Parvez, J. Shanmugam, and V.S. Ghali. Fuzzy C-based Automatic Defect Detection using Barker Coded Thermal Wave Imaging [J]. Int J Performability Eng, 2021, 17(5): 484-490.
[7]	Huaiguang Wu, Pengjie Xie, Ming Cheng, and Hongwei Tao. A Hybrid Model of Predicting Breast Cancer Survivability based on Specific Stages [J]. Int J Performability Eng, 2020, 16(8): 1183-1192.
[8]	Chulei Zhang, Honghua Cui, Yizhang Wang, Tiantian Zhao, and You Zhou. LDKM: An Improved K-Means Algorithm with Linear Fitting Density Peak [J]. Int J Performability Eng, 2020, 16(3): 454-461.
[9]	Zhiguo Liu and Changqing Ren. Unknown Protocol Data Frame Classification Algorithm based on Improved K-Means [J]. Int J Performability Eng, 2020, 16(11): 1721-1731.
[10]	Qinggang Wu and Xueming Zhai. Remote Sensing Object Detection via an Improved YOLO Network [J]. Int J Performability Eng, 2020, 16(11): 1803-1813.
[11]	Mingzhu Li and Yufeng Deng. A Machine Learning-based Building Operational Pattern Identification [J]. Int J Performability Eng, 2020, 16(11): 1835-1844.
[12]	Wenjie Li. Imbalanced Data Optimization Combining K-Means and SMOTE [J]. Int J Performability Eng, 2019, 15(8): 2173-2181.
[13]	Ming Lei, Bin Wen, Jianhou Gan, and Jun Wang. Clustering Algorithm of Ethnic Cultural Resources based on Spark [J]. Int J Performability Eng, 2019, 15(3): 756-762.
[14]	Yan Zhang, Li Qiao, Xingya Wang, Jingying Cai, and Xuefei Liu. Automatic Software Testing Target Path Selection using K-Means Clustering Algorithm [J]. Int J Performability Eng, 2019, 15(10): 2667-2674.
[15]	Wenqian Shang, Kaixiang Wang, and Junjie Huang. An Improved Tensor Decomposition Model for Recommendation System [J]. Int J Performability Eng, 2018, 14(9): 2116-2126.