高级检索

    网络流水印安全威胁及对策综述

    Survey on Security Threats and Countermeasures of Network Flow Watermarking

    • 摘要: 与基于流量特性的被动流关联技术相比,基于流水印的主动流关联技术在跳板攻击溯源和匿名用户追踪等方面准确率更高、误报率更低,观测时间也更短.首先介绍基于包载荷、流速率、包时间等载体的典型流水印技术;然后阐述流水印技术所面临的多流攻击、均方自相关攻击、K-S(Kolmogorov-Simirnov)测试、PNR(Peng Ning Reeves)攻击、时延规范化攻击、BACKLIT检测、已知流攻击、输出检测和复制攻击等安全威胁;接着分析流水印技术在抵御多流攻击、均方自相关攻击、K-S测试和BACKLIT检测等各类安全威胁时所主要采取的嵌入位置随机化、水印信息重排序、“一流一印”、“一流一码”、嵌入延迟最小化等方法和手段;最后对流水印安全威胁与对策的研究热点及发展趋势进行总结和展望,认为现有流水印技术的抗攻击能力有待进一步加强、流水印隐蔽性的统一评价体系与指标缺乏、其他载体及多重载体流水印技术的攻击手段亟待研究.

       

      Abstract: By comparing the flow characteristics-based passive flow correlation technologies, the authors find the flow watermarking-based active flow correlation technologies are more accurate with less false positive rate and less observation time in terms of attack attribution through stepping stones and anonymous abuser tracing. This paper first introduces typical flow watermarking technologies based on packet payload, flow rate and packet timing, then explains the security risks which the flow watermarking technologies face such as multi-flow attack, mean-square autocorrelation attack, K-S (Kolmogorov-Simirnov) test, PNR (Peng Ning Reeves) attack, delay normalization attack, BACKLIT detection, known flow attack, output-only detection and copy attack. In following, the authors analyze the methods and means for the flow watermarking technologies to defend against multi-flow attack, mean-square autocorrelation attack, K-S test, BACKLIT detection and other security risks, such as the frequently used embedding position randomization, watermarking bit reordering, one watermark for each target flow, one code for each target flow and embedding delay minimization. In conclusion, the authors summarize and anticipate the hot topics and research trends of the security threats and the countermeasures against them to the flow watermarking technologies. That is, the attack resistance ability of the existing flow watermarking technologies, the unified evaluation system and metrics of watermark invisibility and attacks aiming to other carriers based and multiple carriers based flow watermarking technologies need to be further strengthened and studied.

       

    /

    返回文章
    返回