Network flow watermarking schemes have been proposed to trace network attacks in the presence of stepping stones or anonymized channels. Most existing interval-based watermarking schemes are not only ineffective in tracing multiple network flows in parallel due to severe inter-flow interference in practice but also vulnerable to the newly introduced watermarking attacks. By combining the Interval Centroid Based Watermarking (ICBW) modulation approach with the Spread Spectrum (SS) watermarking coding technique, we herein propose an Interval Centroid Based Spread Spectrum Watermarking scheme (ICBSSW) for efficiently tracing multiple network flows in parallel. Based on our proposed theoretical model, a statistical analysis of ICBSSW, with no assumptions or limitations concerning the distribution of packet times, proves its effectiveness and robustness against inter-flow interference. ICBSSW can thwart multi-flow attacks by utilizing multiple Pseudo-Noise (PN) codes as random seeds for randomizing the location of the embedded watermark across multiple flows. The experiments using a large number of synthetically generated secure shell (SSH) traffic flows demonstrate that ICBSSW can efficiently trace multiple flows simultaneously and achieve robustness against inter-flow interference. Furthermore, our approach can be applied to other interval-based flow watermarking schemes besides ICBW for effective and efficient multi-flow traceback.
Read full abstract