ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2018, Vol. 55, Issue (8): 1785-1799.

### Survey on Security Threats and Countermeasures of Network Flow Watermarking

Zhang Liancheng1,2, Wang Yu3, Kong Yazhou1,2, Qiu Han1,2

1 (PLA Information Engineering University, Zhengzhou 450001); 2 (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001); 3 (Henan University of Engineering, Zhengzhou 451191)

Online: 2018-08-01

Abstract: Compared with passive flow correlation technologies based on flow characteristics, the authors find that active flow correlation technologies based on flow watermarking are more accurate, with a lower false positive rate and shorter observation time, for attack attribution through stepping stones and for tracing anonymous abusers. This paper first introduces typical flow watermarking technologies based on packet payload, flow rate and packet timing, then explains the security risks that flow watermarking technologies face, such as the multi-flow attack, mean-square autocorrelation attack, K-S (Kolmogorov-Smirnov) test, PNR (Peng Ning Reeves) attack, delay normalization attack, BACKLIT detection, known flow attack, output-only detection and copy attack. Next, the authors analyze the methods and means by which flow watermarking technologies defend against the multi-flow attack, mean-square autocorrelation attack, K-S test, BACKLIT detection and other security risks, such as the frequently used embedding position randomization, watermark bit reordering, one watermark for each target flow, one code for each target flow and embedding delay minimization. In conclusion, the authors summarize and anticipate the hot topics and research trends in the security threats to flow watermarking technologies and the countermeasures against them. Specifically, the attack resistance of existing flow watermarking technologies, a unified evaluation system and metrics for watermark invisibility, and attacks targeting flow watermarking technologies based on other carriers and on multiple carriers need to be further strengthened and studied.
