Network watermarking schemes have been proposed to trace secret network attack flows transferred through stepping stones as well as anonymous channels. However, most existing network flow watermark detection techniques rely on a fixed sample size of network data to achieve the required accuracy. Because they ignore the uncertainty or information content of successive observations, such techniques detect watermarks inefficiently. We herein propose a novel sequential watermark detection model (SWDM) supporting three sequential detectors for efficient traceback of network attack flows. By exploiting the sequential probability ratio test approach, we first propose the intuitive paired-intervals-based optimum watermark detector (POWD) and the single-interval-based optimum watermark detector (SOWD) under the assumption of known parameters of the observed attack flow. We then propose the sequential sign watermark detector (SSWD), which operates on two-level quantized observations for nonparametric watermark detection. Based on our SWDM model, a statistical analysis of the sequential detectors, with no assumptions or limitations concerning the distribution of the timing of packets, proves their effectiveness despite traffic timing perturbations. Experiments using a large number of synthetically generated SSH traffic flows demonstrate that our sequential watermark detectors based on the proposed SWDM model have a significant advantage over the existing fixed sample size watermark detector (FSWD). Compared to the FSWD detector, the POWD detector achieves almost 28% savings in the average number of packets. In particular, given the required probability of detection errors, the SOWD detector and the SSWD detector achieve almost 47% and 29% savings, respectively, in the average number of required packets, thus providing not only guaranteed rates of detection errors but also high efficiency of flow traceback.
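To make the sequential-versus-fixed-sample contrast concrete, the following added example (not code from the paper, and not its POWD, SOWD or SSWD detectors) runs a textbook Wald sequential probability ratio test over two-level (+1/-1) observations and compares its average sample count with a fixed-size sign test. It assumes, for illustration only, that a sign is +1 with probability 0.5 on an unmarked flow and 0.7 on a watermarked one, and that both error rates are 0.01; all function names are hypothetical.

```python
import math
import random
from statistics import NormalDist

def sprt_sign_detector(signs, p1, alpha, beta, p0=0.5):
    """Wald SPRT over +1/-1 observations; returns (decision, samples_used)."""
    upper = math.log((1 - beta) / alpha)      # crossing it: declare watermark
    lower = math.log(beta / (1 - alpha))      # crossing it: declare no watermark
    step_pos = math.log(p1 / p0)              # log-likelihood step for a +1
    step_neg = math.log((1 - p1) / (1 - p0))  # log-likelihood step for a -1
    llr, used = 0.0, 0
    for s in signs:
        used += 1
        llr += step_pos if s > 0 else step_neg
        if llr >= upper:
            return "watermarked", used
        if llr <= lower:
            return "clean", used
    return "undecided", used                  # flow ended before a boundary

def fixed_sample_size(p1, alpha, beta, p0=0.5):
    """Signs a one-sided fixed-size sign test needs (normal approximation)."""
    z = NormalDist().inv_cdf
    num = (z(1 - alpha) * math.sqrt(p0 * (1 - p0))
           + z(1 - beta) * math.sqrt(p1 * (1 - p1)))
    return math.ceil((num / (p1 - p0)) ** 2)

def simulate(p_true, trials=2000, p1=0.7, alpha=0.01, beta=0.01, seed=1):
    """Constructed flows: each sign is +1 with probability p_true (assumed)."""
    rng = random.Random(seed)
    flagged, total = 0, 0
    for _ in range(trials):
        signs = (1 if rng.random() < p_true else -1 for _ in range(10_000))
        decision, used = sprt_sign_detector(signs, p1, alpha, beta)
        flagged += decision == "watermarked"
        total += used
    return flagged / trials, total / trials   # (flag rate, mean samples used)

if __name__ == "__main__":
    print("fixed-size test needs", fixed_sample_size(0.7, 0.01, 0.01), "signs")
    print("marked flows   (flag rate, mean n):", simulate(0.7))
    print("unmarked flows (flag rate, mean n):", simulate(0.5))
```

The sequential test stops as soon as the accumulated evidence crosses either boundary, so strongly informative flows are decided after a handful of observations while ambiguous ones keep sampling.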