Exposing invisible timing-based traffic watermarks with BACKLIT - Citegraph

Paper Info

Title
Exposing invisible timing-based traffic watermarks with BACKLIT

Abstract
Traffic watermarking is an important element in many network security and privacy applications, such as tracing botnet C&C communications and deanonymizing peer-to-peer VoIP calls. The state-of-the-art traffic watermarking schemes are usually based on packet timing information and they are notoriously difficult to detect. In this paper, we show for the first time that even the most sophisticated timing-based watermarking schemes (e.g., RAINBOW and SWIRL) are not invisible by proposing a new detection system called BACKLIT. BACKLIT is designed according to the observation that any practical timing-based traffic watermark will cause noticeable alterations in the intrinsic timing features typical of TCP flows. We propose five metrics that are sufficient for detecting four state-of-the-art traffic watermarks for bulk transfer and interactive traffic. BACKLIT can be easily deployed in stepping stones and anonymity networks (e.g., Tor), because it does not rely on strong assumptions and can be realized in an active or passive mode. We have conducted extensive experiments to evaluate BACKLIT's detection performance using the PlanetLab platform. The results show that BACKLIT can detect watermarked network flows with high accuracy and few false positives.

Year	DOI	Venue
2011	10.1145/2076732.2076760	ACSAC
Keywords	Field	DocType
c communication,traffic watermarking,interactive traffic,botnet c,state-of-the-art traffic,practical timing-based traffic watermark,state-of-the-art traffic watermark,sophisticated timing-based watermarking scheme,invisible timing-based traffic watermark,anonymity network,detection performance,network flow,backlit,sequential sampling,invisible,biometrics,network security,false positive	PlanetLab,Digital watermarking,Computer security,Computer science,Botnet,Network packet,Network security,Real-time computing,Watermark,Tracing,Voice over IP	Conference
Citations	PageRank	References
20	0.82	30
Authors
6

Authors (6 rows)

Cited by (20 rows)

References (30 rows)

Name	Order	Citations	PageRank
Xiapu Luo	1	1302	110.23
Peng Zhou	2	20	0.82
Junjie Zhang	3	849	41.61
Roberto Perdisci	4	2137	97.99
Wenke Lee	5	9351	628.83
Rocky K. C. Chang	6	659	51.06

1