HSTW: A robust network flow watermarking method based on hybrid packet sequence-timing

Abstract

Network flow watermarking (NFW) has been widely used in flow trace back. However, most of the existing NFW methods cannot work efficiently due to the weakness of resisting channel interferences, establishing reliable synchronization, and resisting statistical analysis-based NFW attacks. To this end, a hybrid packet sequence-timing-based flow watermarking (HSTW) method is proposed, for which packet sequence and packet timing constitute a hybrid carrier to carry watermark information. HSTW modulates the packet sequence of the flow and represents the watermark information by the relative time relationship between the packet reordering, which improves the robustness of the watermark against delay jitter and packet loss. By designing a synchronization header based on the specific packet sequence, the information synchronization is achieved at any position of the flow. To resist statistical analysis-based NFW attacks, the packet sequence modulation is carried out in the form of slight packet reordering. The random distribution of the watermark is achieved based on the synchronization header, eliminating the time correlation between multiple watermarked flows. By a large number of experiments based on real-time traffic and public datasets, the results show that in comparison with the existing methods, HSTW has stronger robustness and more reliable synchronization. Compared with timing-based and rate-based methods, the accuracy of HSTW under delay jitter is increased by 32.17% to 34.50%. The accuracy of HSTW under packet loss interference is improved by 20.11% to 26.89% in comparison with sequence-based methods. HSTW can achieve information synchronization even if only partial watermarked flow can be obtained. Furthermore, HSTW can avoid the detection of Kolmogorov-Smirnov test and multi-flow attacks.