HeteroTiC: A robust network flow watermarking based on heterogeneous time channels

Abstract

Tracking back stealthy attackers is still a great challenge in face of complicated Internet environments and increased attacker capabilities. As a possible solution, network flow watermarking has been developed to embed attack labels actively in data flows, trying to identify the attack source accurately in time. However, due to the influences of uncertain network noises, the robustness of watermarking cannot be ensured efficiently in case of non-cooperative network scenarios currently. Meanwhile, it is difficult to enhance robustness and covertness simultaneously when suffering from severe network noises. Thus, a robust network flow watermarking based on Heterogeneous Time Channels (HeteroTiC) is proposed, for which packet order, packet timing and packet size constitute heterogeneous time channels to carry watermarks. The beginning positions are located by packet order to support accurate synchronization, the long watermark sequences are carried by inter-packet delays to improve capabilities against packet dropping and time jitter, the mapping relationships for the watermark sequences on heterogeneous time channels are mixed by packet size of the flow itself to enhance covertness. With multiple layers design of watermarking, HeteroTiC is designed to accomplish fast detection and accurate extraction on watermarks. By experiments, the average detection accuracy reaches 100% and the average extraction accuracy is validated with 94.2%. Furthermore, the same mapping pattern on multiple flows only accounts for 8.11%, which validates the covertness against multiple flow similarities. The extraction accuracy exceeds 9.76%∼18.1% in comparison with classical watermarking methods, which validates the robustness under network noises in Internet.