ISSN 1000-1239 CN 11-1777/TP

• 综述 •

### 网络流水印安全威胁及对策综述

1. 1(解放军信息工程大学 郑州 450001);2(数学工程与先进计算国家重点实验室 郑州 450001);3(河南工程学院 郑州 451191) (liancheng17@gmail.com)
• 出版日期: 2018-08-01
• 基金资助:
国家自然科学基金项目(61402526，61502528，61402525) This work was supported by the National Natural Science Foundation of China (61402526, 61502528, 61402525).

### Survey on Security Threats and Countermeasures of Network Flow Watermarking

Zhang Liancheng1,2, Wang Yu3, Kong Yazhou1,2,Qiu Han1,2

1. 1(PLA Information Engineering University, Zhengzhou 450001);2(State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001);3(Henan University of Engineering, Zhengzhou 451191)
• Online: 2018-08-01

Abstract: By comparing the flow characteristics-based passive flow correlation technologies, the authors find the flow watermarking-based active flow correlation technologies are more accurate with less false positive rate and less observation time in terms of attack attribution through stepping stones and anonymous abuser tracing. This paper first introduces typical flow watermarking technologies based on packet payload, flow rate and packet timing, then explains the security risks which the flow watermarking technologies face such as multi-flow attack, mean-square autocorrelation attack, K-S (Kolmogorov-Simirnov) test, PNR (Peng Ning Reeves) attack, delay normalization attack, BACKLIT detection, known flow attack, output-only detection and copy attack. In following, the authors analyze the methods and means for the flow watermarking technologies to defend against multi-flow attack, mean-square autocorrelation attack, K-S test, BACKLIT detection and other security risks, such as the frequently used embedding position randomization, watermarking bit reordering, one watermark for each target flow, one code for each target flow and embedding delay minimization. In conclusion, the authors summarize and anticipate the hot topics and research trends of the security threats and the countermeasures against them to the flow watermarking technologies. That is, the attack resistance ability of the existing flow watermarking technologies, the unified evaluation system and metrics of watermark invisibility and attacks aiming to other carriers based and multiple carriers based flow watermarking technologies need to be further strengthened and studied.