Analysis And Evaluation Of The Robustness Of Network Flow Watermarking

Network Flow Watermarking(NFW)is an active approach of traffic analysis,where some special tags are embedded into network flows.Compared with the traditional methods,NFW can effectively traceback anonymous abusers and network attackers with shorter tracking time,lower computational and communication cost.Network attackers and existing anonymous communication systems attempt to disturb NFW by carrying out various flow transformations,such as packet dropping,flow splitting,adding chaff,repacketization and time perturbation.Then the robustness testing of NFW is paid attentions,which ensures the non-detectability of network flow watermarking.However,the existing robustness analyses often aim at a specified NFW method involving various experimental parameters and environments.Therefore,it is difficult to objectively evaluate and compare the robustness of different NFW methods under different interference factors in a uniform environment.To solve this problem,this thesis chooses and implements seven representative methods that belong to three categories of NFW techniques:(1)Interval based,(2)Inter-Packet Delay(IPD)based,and(3)Direct Sequence Spread Spectrum(DSSS)based.The robustness of these methods is analyzed in theory when the five flow transformations mentioned above are considered.To validate the results of robustness analysis,we establish a unified testbed for a series of experiments where different NFW methods and flow transformations are implemented.Firstly,under different flow transformations using a self-established anonymous proxy server,we evaluate the robustness of NFWs by calculating accurate rates and detection true positive rates.The experimental results show that the robustness of NFW methods are varied with different interference factors:(1)Interval-based NFW methods have good robustness for packet dropping,flow splitting,adding chaff,repacketization and time perturbation,(2)IPD-based NFW methods can only withstand a certain range of time perturbation because they are sensitive with locations;(3)DSSS-based NFW methods have good robustness for most of flow transformations except flow splitting and time perturbation.Secondly,we conduct real-time penetration experiments on the service of Total Net Shield,which is provided by a leading anonymizing service provider Anonymizer,to evaluate the usability of NFW methods in real scenario.The experimental results show that the four Interval-based NFW methods maintain high accuracy in the anonymous network,and are practical in real scenario.However,the IPD-based and DSSS-based NFW methods have the poor practicability because of their low accurate rates under the interference of Anonymizer.