A preliminary version of this paper has appeared in the Proceedings of the IEEE Conference on Computer Communications (INFOCOM), April 2009.
Blind detection of spread spectrum flow watermarks†
Article first published online: 17 MAY 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 6, Issue 3, pages 257–274, March 2013
How to Cite
Jia, W., Tso, F. P., Ling, Z., Fu, X., Xuan, D. and Yu, W. (2013), Blind detection of spread spectrum flow watermarks. Security Comm. Networks, 6: 257–274. doi: 10.1002/sec.540
- Issue published online: 25 FEB 2013
- Article first published online: 17 MAY 2012
- SAR Hong Kong RGC Competitive Earmarked Research Grant (CERG). Grant Number: 114908
- CityU Applied R & D Funding (ARD). Grant Number: 9678002
- US National Science Foundation (NSF). Grant Numbers: 0943479, 0907964, CNS-1117175
- Army Research Office (ARO). Grant Number: AMSRD-ACC-R50521-CI
- mean-square autocorrelation
Recently, the direct sequence spread spectrum (DSSS)-based technique has been proposed to trace anonymous network flows. In this technique, homogeneous pseudo-noise (PN) codes are used to modulate multiple bit signals that are embedded into the target flow as watermarks. This technique could be maliciously used to degrade an anonymous communication network. In this paper, we propose an effective single flow-based scheme to detect the existence of these watermarks. Our investigation shows that, even if we have no knowledge of the applied PN code, we are still able to detect malicious DSSS watermarks via mean-square autocorrelation (MSAC) of a single modulated flow's traffic rate time series. MSAC shows periodic peaks because of self-similarity in the modulated traffic caused by homogeneous PN codes that are used in modulating multiple bit signals. Our scheme has low complexity and does not require any PN code synchronization. We evaluate this detection scheme's effectiveness via simulations. Our results demonstrate a high detection rate with a low false positive rate. Real-world experiments on Tor also validate the feasibility of the detection scheme. Our scheme is more flexible and accurate than the existing multiflow-based approach in DSSS watermark detection. We also present a theory for reconstructing the DSSS code once the DSSS code length is known and simulations validate the feasibility. Copyright © 2012 John Wiley & Sons, Ltd.