| Increasing reliance of the Internet communications for our daily life has led to growing concerns over network security.Linking network flows is an important problem in anonymity communication traceback as well as stepping stone attack detection.To the best of our knowledge,most state-of-the-art flow watermarks can link flows,but are likely to be impossible to achieve invisibility property and robustness requirement simultaneously.For example,in IPD-based schemes,watermarks are inserted by shrinking or enlarging the delays between successive packets after transmitting or recording various types of traffic features.Since only a small perturbation is introduced in each interarrival time,watermarks are not visible.Whereas one risk posed by such methods is that any packet addition or removal during communication can lead to watermark desynchronization,thereby making the desired special signal unrecoverable.This thesis aims at designing identifiers to efficiently link network flows without forwarding and distorting the original traffic patterns.Broadly speaking,this study contributes to providing an interesting insight into a possible combination of traditional traffic analysis and classic information theory or cryptography principle.More specifically,we not only employ phase space reconstruction to understand the implications of network traffic behavior,but also leverage the restructured state space to render an identifier based on Huffman coding.Furthermore,we also exploit the burstiness and chaos inherent in network traffic to collect some unique and stable traffic traits,which are used later to construct a flexible identifier based on Shamir's(t,n)threshold secret sharing scheme.Experimental results on real network traces indicate that the proposed schemes are robust to network jitter,packet insertions,and losses,while remaining invisible to an attacker. |
PDF Full Text Request