Research On Tracing System Of Network Flow Watermarking Based On Active Sniffing

The emergence of stepping-stone and anonymous networks provides a variety of effective technical measures for privacy security during communication.But once these technical measures are used by criminals,the difficulty of bringing them to justice will also be greatly increased.Therefore,designing efficient and accurate network attack tracing technology is very important for establishing a safe and harmonious network environment.Traditional tracing technology intercepts network traffic on nodes and analyzes to obtain valuable information by arranging listening nodes at key positions in the network,and traces the real attack source through the obtained information.The defects of this type of passive tracing technology are low efficiency,huge space-time cost,and susceptibility to various kinds of network interference.Moreover,it cannot solve the problem of tracing the source of attacks launched through anonymous networks and stepping-stone,and cannot meet the basic needs of modern network environment for tracing technology either.Network flow watermarking technology is an active tracing technology,which draws on the idea of digital watermarking.It is through actively modulating some characteristics of communication traffic to make it carry some special watermark information in a hidden manner.The communication flow will be analyzed to determine whether there is a communication relationship.This paper designs a tracing system of network flow watermarking based on active sniffing.Firstly,aiming at the common problem of multi-level stepping-stone in the network and adaptively select different tracing methods.Secondly,based on the non-blind network flow watermarking of RAINBOW,a new network flow watermarking algorithm based on the IPD(inter-packet delay)is proposed and deployed into the system through Netfilter technology.Thirdly,in view of the situation of packet loss and network delay in the real network environment,the parameter optimization of network flow watermarking algorithm with adaptive network environment is designed,which further improves the robustness of the system.Finally,an auxiliary tracing module is designed and implemented,including a tracing method based on traffic logs and a tracing method based on packet marking,which provides a more multi-dimensional tracing method.According to the overall framework of the system and the key technologies of each core module,a network tracing system is deployed in the real network environment,and the functions and performance of each core module are tested in different network environments.The test results meet the design requirements of each module of the system.It can not only actively sniff the network environment,but also use the network flow watermarking algorithm based on adaptive watermarking parameters to achieve traceability and support two auxiliary tracing methods.These modules are able to effectively improve the tracing capabilities of the system,and are of great significance for the development and research of network tracing technology.