Abstract:
By comparing the flow characteristics-based passive flow correlation technologies, the authors find the flow watermarking-based active flow correlation technologies are more accurate with less false positive rate and less observation time in terms of attack attribution through stepping stones and anonymous abuser tracing. This paper first introduces typical flow watermarking technologies based on packet payload, flow rate and packet timing, then explains the security risks which the flow watermarking technologies face such as multi-flow attack, mean-square autocorrelation attack, K-S (Kolmogorov-Simirnov) test, PNR (Peng Ning Reeves) attack, delay normalization attack, BACKLIT detection, known flow attack, output-only detection and copy attack. In following, the authors analyze the methods and means for the flow watermarking technologies to defend against multi-flow attack, mean-square autocorrelation attack, K-S test, BACKLIT detection and other security risks, such as the frequently used embedding position randomization, watermarking bit reordering, one watermark for each target flow, one code for each target flow and embedding delay minimization. In conclusion, the authors summarize and anticipate the hot topics and research trends of the security threats and the countermeasures against them to the flow watermarking technologies. That is, the attack resistance ability of the existing flow watermarking technologies, the unified evaluation system and metrics of watermark invisibility and attacks aiming to other carriers based and multiple carriers based flow watermarking technologies need to be further strengthened and studied.