基于时隙的多重冗余流指纹模型

doi:10.11959/j.issn.2096-109x.2023006

网络与信息安全学报 ›› 2023, Vol. 9 ›› Issue (1): 115-129.doi: 10.11959/j.issn.2096-109x.2023006

基于时隙的多重冗余流指纹模型

刘科显¹, 关建峰¹, 张婉澂¹, 何志凯², 闫迪嘉³

¹ 北京邮电大学计算机学院（国家示范性软件学院），北京 100876
² 中国航空综合技术研究所，北京 100028
³ 北京工业大学信息学部，北京 100124

修回日期:2022-11-02 出版日期:2023-02-25 发布日期:2023-02-01
作者简介:刘科显（1996- ），男，河南周口人，北京邮电大学博士生，主要研究方向为网络安全
关建峰（1982- ），男，河南巩义人，北京邮电大学副教授、博士生导师，主要研究方向为网络架构、区块链与网络安全、移动互联网、大数据与人工智能
张婉澂（1995- ），女，安徽芜湖人，北京邮电大学硕士生，主要研究方向为内生网络安全
何志凯（1986- ），男，安徽蚌埠人，中国航空综合技术研究所高级工程师，主要研究方向为无人系统标准化与可用性
闫迪嘉（2000- ），男，北京人，主要研究方向为网络安全
基金资助:
国家重点研发计划(2018YFE0206800)

Multiple redundant flow fingerprint model based on time slots

Kexian LIU¹, Jianfeng GUAN¹, Wancheng ZHANG¹, Zhikai HE², Dijia YAN³

¹ School of Computer Science (National Pilot Software Engineering School, Beijing University of Posts and Telecommunications, Beijing 100876, China
² AVIC China Aero-poly Technology Establishment, Beijing 100028, China
³ Faculty of Information Technology Beijing University of Technology, Beijing 100124, China

Revised:2022-11-02 Online:2023-02-25 Published:2023-02-01
Supported by:
The National Key R＆D Program of China(2018YFE0206800)

摘要/Abstract

摘要：

随着互联网的日益广泛应用，各种网络安全问题频频暴露，以“打补丁”形式为主的安全增强模式难以有效防范日益增长的安全风险，网络安全领域研究者认为未来互联网体系架构应当将安全作为一种基本属性，实现网络架构对安全的内生支持。为了支持内生安全的数据可信，在流水印/流指纹机制的研究基础之上，设计实现了一种基于时隙的多重冗余流指纹模型。该模型使用3个时隙间隔，通过对指定时隙内的数据包进行延迟等操作，可在相邻比特操作不产生冲突的情况下实现指纹嵌入，并且引入冗余编码来提高指纹健壮性，同时考虑到网络中抖动或攻击者的恶意扰乱等行为，将延迟干扰、垃圾数据包干扰以及丢包干扰对模型的影响进行了理论分析，结果表明在给定网络流中数据的包分布时，随着冗余位的增加，指纹模型的鲁棒性明显提高。为了减少时间和空间消耗，提高数据包操作的效率和精度，基于内核设计和实现流指纹原型系统，并对其效率和鲁棒性进行评估，实验表明该模型具有很高的鲁棒性。最后，展示了所提模型的应用场景，基于该流指纹功能模型，能有效检测中间人攻击，预防网络身份欺骗。

关键词: 流水印, 流指纹, 内生安全, 多重冗余

Abstract:

With the increasingly widespread use of the Internet, various network security problems are frequently exposed, while the “patching” style security enhancement mechanisms cannot effectively prevent the growing security risks.The researchers in the field of network security believe that the future Internet architecture should take security as a basic attribute to provide the native security support which is also called as endogenous safety and security.In order to support the data trustworthiness of endogenous security, a time-slot based multiple redundant flow fingerprint model was designed and implemented based on the research of the watermark (or fingerprint) mechanism.The proposed model used only three time slot intervals and operated the packets within the specified time slots, so that the fingerprint can be embedded without conflicting with the adjacent bit operations.Redundant coding was introduced to improve the fingerprint robustness, and the behaviors such as jitter or malicious disruptions by attackers in the network were considered.Furthermore, the impacts of delayed interference, spam packet interference and packet loss interference were analyzed.The analytical results show that the robustness of the fingerprint model improves with increasing redundant bits when the packet distribution in the network stream is given.Besides, in order to reduce the consumption of time and space and improve the efficiency and accuracy of packet operations, a flow fingerprinting prototype system was designed and implemented based on the kernel, and its efficiency and robustness were evaluated.The experimental result show that the model has high robustness.Additionally, the application scenario of the model was elaborated, which can effectively detect man-in-the-middle attacks and prevent network identity spoofing with the help of the flow fingerprinting model.

Key words: flow watermark, flow fingerprint, endogenous safety and security, multiple redundancy

中图分类号:

TP393

刘科显, 关建峰, 张婉澂, 何志凯, 闫迪嘉. 基于时隙的多重冗余流指纹模型[J]. 网络与信息安全学报, 2023, 9(1): 115-129.

Kexian LIU, Jianfeng GUAN, Wancheng ZHANG, Zhikai HE, Dijia YAN. Multiple redundant flow fingerprint model based on time slots[J]. Chinese Journal of Network and Information Security, 2023, 9(1): 115-129.

图/表 21

表1

图1

图2

图3

图4

图5

图6

图7

图8

图9

表2

图10

图11

图12

图13

图14

图15

图16

图17

图18

图19

参考文献 28

[1]	邬江兴 . 网络空间拟态防御研究[J]. 信息安全学报, 2016,1(4): 1-10.
	WU J X . Research on cyber mimic defense[J]. Journal of Cyber Security, 2016,1(4): 1-10.
[2]	WANG X , REEVES D S , WU S F ,et al. Sleepy watermark tracing:An active network-based intrusion response framework[C]// IFIP International Information Security Conference. 2001: 369-384.
[3]	YU W , FU X , GRAHAM S ,et al. DSSS-based flow marking technique for invisible traceback[C]// 2007 IEEE Symposium on Security and Privacy (SP'07). 2007: 18-32.
[4]	JIA W , TSO F P , LING Z ,et al. Blind detection of spread spectrum flow watermarks[J]. Security and Communication Networks, 2013,6(3): 257-274.
[5]	HUANG J , PAN X , FU X ,et al. Long PN code based DSSS watermarking[C]// Proceedings IEEE INFOCOM. 2011: 2426-2434.
[6]	ZHANG L , WANG Z , WANG Q ,et al. MSAC and multi-flow attacks resistant spread spectrum watermarks for network flows[C]// 2nd IEEE International Conference on Information and Financial Engineering. 2010: 438-441.
[7]	XU X , ZHANG L , YAN J . PN code diversification based spread spectrum flow watermarking technology[C]// 14th International Conference on Computational Intelligence and Security (CIS). 2018: 254-258.
[8]	WANG X , REEVES D S , WU S F . Inter-packet delay based correlation for tracing encrypted connections through stepping stones[C]// European Symposium on Research in Computer Security. 2002: 244-263.
[9]	WANG X , REEVES D S . Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays[C]// Proceedings of the 10th ACM Conference on Computer and Communications Security. 2003: 20-29.
[10]	HOUMANSADR A , KIYAVASH N , BORISOV N . Rainbow:A robust and invisible non-blind watermark for network flows[C]// NDSS. 2009: 406-422.
[11]	HOUMANSADR A , BORISOV N . The need for flow fingerprints to link correlated network flows[C]// International Symposium on Privacy Enhancing Technologies Symposium. 2013: 205-224.
[12]	SOLTANI R , GOECKEL D , TOWSLEY D ,et al. Fundamental limits of invisible flow fingerprinting[J]. IEEE Transactions on Information Forensics and Security, 2019,15: 345-360.
[13]	REZAEI F , HOUMANSADR A . FINN:fingerprinting network flows using neural networks[C]// Annual Computer Security Applications Conference. 2021: 1011-1024.
[14]	IACOVAZZI A , SARDA S , ELOVICI Y . Inflow:Inverse network flow watermarking for detecting hidden servers[C]// IEEE INFOCOM 2018-IEEE Conference on Computer Communications. 2018: 747-755.
[15]	IACOVAZZI A , SARDA S , FRASSINELLI D ,et al. DropWat:An invisible network flow watermark for data exfiltration traceback[J]. IEEE Transactions on Information Forensics and Security, 2017,13(5): 1139-1154.
[16]	YAO Z , ZHANG L , GE J ,et al. An invisible flow watermarking for traffic tracking:A hidden markov model approach[C]// IEEE International Conference on Communications. 2019: 1-6.
[17]	PYUN Y J , PARK Y H , WANG X ,et al. Tracing traffic through intermediate hosts that repacketize flows[C]// IEEE INFOCOM 2007-26th IEEE International Conference on Computer Communications. 2007: 634-642.
[18]	HOUMANSADR A , BORISOV N . SWIRL:A scalable watermark to detect correlated network flows[C]// NDSS. 2011.
[19]	MO L , LYU G , WANG B ,et al. The design and implementation of an efficient quaternary network flow watermark technology[C]// 17th International Conference on Mobility,Sensing and Networking (MSN). 2021: 746-751.
[20]	REZAEI F , HOUMANSADR A . TagIt:Tagging network flows using blind fingerprints[J]. Proc Pri Enhancing Technol, 2017,2017(4): 290-307.
[21]	罗跃斌 . 网络主动防御关键技术研究[D]. 长沙：国防科学技术大学, 2017.
	LUO Y B . Research on key technologies of network active de fense[D]. Changsha:National University of Defense Technology, 2017.
[22]	LIU W , LIU G , XIA Y ,et al. Using insider swapping of time intervals to perform highly invisible network flow watermarking[J]. Security and Communication Networks,2018, 2018.
[23]	WANG X , CHEN S , JAJODIA S . Network flow watermarking attack on low-latency anonymous communication systems[C]// 2007 IEEE Symposium on Security and Privacy (SP'07). 2007: 116-130.
[24]	ZHANG L , LUO J , YANG M . An improved DSSS-based flow marking technique for anonymous communication traceback[C]// Symposia and Workshops on Ubiquitous,Autonomic and Trusted Computing. 2009: 563-567.
[25]	HOU J , LI Q , TAN R ,et al. An intrusion tracking watermarking scheme[J]. IEEE Access, 2019,7: 141438-141455.
[26]	WANG X , LUO J , YANG M . An interval centroid based spread spectrum watermark for tracing multiple network flows[C]// IEEE International Conference on Systems,Man and Cybernetics. 2009: 4000-4006.
[27]	WANG X , LUO J , YANG M . A double interval centroid-based watermark for network flow traceback[C]// The 14th International Conference on Computer Supported Cooperative Work in Design. 2010: 146-151.
[28]	LIU Y , GHOSAL D , ARMKNECHT F ,et al. Robust and undetectable steganographic timing channels for IID traffic[C]// International Workshop on Information Hiding. 2010: 193-207.

载波类型	相关工作	功能特征
数据包载荷	Wang 2001^[2]	将水印信息比特注入需要发送的信息中，如数分组的载荷或头部，这类方法不适应加密流量且安全性较低
数据包速率	Yu 2007^[3], JIA^[4], Huang 2011^[5], Zhang^[6], Xu 2018^[7]	在整个流的维持时间内进行分段选取，根据水印比特信息调整选取时间段内的流速率，以此来标识流
数据包间隔	Wang 2002^[8], Wang 2003^[9], Houmansadr 2009^[10], Houmansadr 2013^[11], Soltani 2019^[12], Rezaei 2021^[13]	通过改变一个或多个分组先后到达或离开某个网络节点的时间差以嵌入水印信息
数据包丢包	YAO^[14], Iacovazzi 2018^[15-16]	借鉴了网络中自然的丢包行为，在嵌入水印时删除几个特定的数据包，从而改变了数据包间隔的延迟。
基于时隙	Pyun 2017^[17], Houmansadr 2011^[18], Rezaei 2017^[19], Luo 2017^[20], Mo2021^[21], Wang 2007^[22], Lu 2009^[23]	随机选定流的一段时间内的数据分组，再按照相同的时隙进行分组，通过调整不同时隙的数据分组的发送时间以嵌入水印信息
基于时隙质心	Hou 2019^[24], Liu 2018^[25], Wang 2009^[26], Wang 2010^[27], Liu 2010^[28]	在时隙方法的基础上进一步改进，通过选取分好组后的几个时隙，改变其中部分的数据分组的偏移时间以嵌入水印

参数	值
指纹长度(l)	16 bit
时间间隔长度(T)	200 ms, 250 ms, 300 ms, 350 ms, 400 ms, 450 ms, 500 ms
时间偏移(o)	600 ms, 800 ms, 900 ms

基于时隙的多重冗余流指纹模型

Multiple redundant flow fingerprint model based on time slots

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 21

参考文献 28

相关文章 3

Metrics

推荐阅读 0

[1]	陈训逊, 李明哲, 吕宁, 黄亮. 内禀安全：网络安全能力体系化构建方法[J]. 网络与信息安全学报, 2023, 9(1): 92-102.
[2]	胡爱群, 方兰婷, 李涛. 基于仿生机理的内生安全防御体系研究[J]. 网络与信息安全学报, 2021, 7(1): 11-19.
[3]	杜捷,何永忠,杜晔. 基于改进IPD质心的Tor网络流水印检测方法[J]. 网络与信息安全学报, 2019, 5(4): 91-98.