Arabian Journal for Science and Engineering

, Volume 41, Issue 8, pp 3081–3088 | Cite as

Net-flow Fingerprint Model Based on Optimization Theory

  • Cheng Lei
  • Hongqi Zhang
  • Yi Liu
  • Xuehui Du
Research Article - Computer Engineering and Computer Science


Net-flow fingerprint technique provides better efficiency in areas such as stepping stones detection and anonymous network correlation. Carrier capacity, robustness and invisibility are important indicators of net-flow fingerprint systems. In order to compare the efficiency of different net-flow fingerprint systems and help designing a more efficient system by finding capacity bounds and judging robustness and invisibility level, a net-flow fingerprint model based on optimization theory is proposed. Firstly, the proposed model covers all possible attack effects on net-flow fingerprint by reducing net-flow transformation problems to mergence, substitution and insertion, which improves the applicability of the model. Secondly, the proposed model establishes unified analysis criteria for robustness and invisibility, which, combined with different attack intensities, helps to divide robustness and invisibility into three levels, and then effectively and accurately measures them by goodness-of-fit test. What is more, the proposed model converts robustness, invisibility and net-flow transformation problems into different constraints. The maximum capacity under different conditions can be figured out by layered superposing corresponding constraints. Experimental results have confirmed the correctness, feasibility and expandability of the proposed model.


Net-flow fingerprint model Optimization theory Robustness Invisibility Maximum capacity K–S goodness-of-fit test 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Binxing, F.; Xiang, C.; Wei, W.: Botnet review. Comput. Res. Dev. 48(8), 1315(Ch)(2011)Google Scholar
  2. 2.
    Ylonen, T.; Lonvick, C.: The secure shell (SSH) protocol architecture., (2014)
  3. 3.
    Sultana, S.; Bertino, E.; Shehab, M.: A provenance based mechanism to identify malicious packet dropping adversaries in sensor networks. Distributed computing systems workshops (ICDCSW), 2011 31st international conference on IEEE, 2011: 332Google Scholar
  4. 4.
    Sultana S, Shehab M, Bertino E: Secure provenance transmission for streaming data. Knowl. Data Eng. IEEE Trans. 25(8), 1890–1903 (2013)CrossRefGoogle Scholar
  5. 5.
    Houmansadr, A.; Coleman, T.; Kiyavash, N.; et al.: On the channel capacity of network flow watermarking. Proceedings of 16th ACM conference on computer and communications security (CCS’09). (2009)Google Scholar
  6. 6.
    Chaabane, A.; Manils, P.; Kaafar, M.A.: Digging into anonymous traffic: A deep analysis of the tor anonymizing network. Network and system security (NSS), 2010 4th International Conference on IEEE, 167–174 (2010)Google Scholar
  7. 7.
    Fan, Y.; Jiang, Y.; Zhu, H.; et al.: An efficient privacy-preserving scheme against traffic analysis attacks in network coding. INFOCOM 2009, IEEE, 2213–2221 (2009)Google Scholar
  8. 8.
    Panchenko, A.; Niessen, L.; Zinnen, A.; et al.: Website fingerprinting in onion routing based anonymization networks. Proceedings of the 10th annual ACM workshop on privacy in the electronic society. ACM, 103–114 (2011)Google Scholar
  9. 9.
    Murdoch, S.J.; Danezis, G.: Low-cost traffic analysis of Tor[C]Security and Privacy, 2005 IEEE Symposium on. IEEE, 183–195 (2005)Google Scholar
  10. 10.
    Chidlow G, Harnett G, Williams S et al.: Duplex real-time reverse transcriptase PCR assays for rapid detection and identification of pandemic (H1N1) 2009 and seasonal influenza A/H1, A/H3, and B viruses[J]. J. Clin. Microbiol. 48(3), 862–866 (2010)CrossRefGoogle Scholar
  11. 11.
    Houmansadr, A.; Brubaker, C.; Shmatikov, V.: The parrot is dead: observing unobservable network communications. Security and privacy (SP), 2013 IEEE Symposium on IEEE,65–79 (2013)Google Scholar
  12. 12.
    Mittal, P.; Khurshid, A.; Juen, J.; et al.: Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. Proceedings of the 18th ACM conference on computer and communications security. ACM, 215–226 (2011)Google Scholar
  13. 13.
    Kiyavash, N.; Houmansadr, A.; Borisov, N.: Multi-flow attacks against network flow watermarks: analysis and countermeasures. arXiv preprint arXiv:1203.1390, (2012)
  14. 14.
    Peng, P.; Ning, P.; Reeves, D.S.: On the secrecy of timing-based active watermarking traceback techniques. Security and privacy, 2006 IEEE Symposium on IEEE, 15–349 (2006)Google Scholar
  15. 15.
    Luo, X.; Zhou, P.; Zhang, J.; et al.: Exposing invisible timing-based traffic watermarks with BACKLIT. Proceedings of the 27th Annual Computer Security Applications Conference. ACM, 197–206 (2011)Google Scholar
  16. 16.
    Luo, X.; Zhang, J.; Perdisci, R.; et al.: On the secrecy of spread-spectrum flow watermarks. Computer security– ESORICS 2010. Springer Berlin Heidelberg, 232–248 (2010)Google Scholar
  17. 17.
    Jia, W.; Tso, F.P.; Ling, Z.; et al.: Blind detection of spread spectrum flow watermarks. Secur. Commun. Netw. 6(3), 257–274 (2013)Google Scholar
  18. 18.
    Gnedenko, B.V.; Kolmogorov, A.N.; Doob, J.L.; et al.: Limit distributions for sums of independent random variables. Reading, Massachusetts: Addison-Wesley, (1968)Google Scholar
  19. 19.
    Piratla NM, Jayasumana AP: Metrics for packet reordering A comparative analysis[J]. Int. J. Commun. Syst. 21(1), 99–113 (2008)CrossRefGoogle Scholar
  20. 20.
    Lei, C.; Zhang, H.; Sun, Y.; Cracking-resistance net-flow fingerprint scheme based on multi-dimensional orthogonal carriers. (2015) doi: 10.11959/j.issn.1000-436x.2015064
  21. 21.
    Claffy, K.C.; Andersen, D.; Hick, P.: The caida anonymized 2014 internet traces.
  22. 22.
    Wang, X.; Luo, J.; Yang, M.: A double interval centroid-based watermark for network flow traceback. Computer supported cooperative work in design (CSCWD), 2010 14th international conference on IEEE, 146–151 (2010)Google Scholar
  23. 23.
    Houmansadr, A.; Kiyavash, N.; Borisov, N.: Non-blind watermarking of network flows[J]. arXiv preprint arXiv:1203.2273, (2012)
  24. 24.
    Kiyavash, N.; Houmansadr, A.; Borisov, N.: Multi-flow attacks against network flow watermarks: analysis and countermeasures. arXiv preprint arXiv:1203.1390, (2012)

Copyright information

© King Fahd University of Petroleum & Minerals 2016

Authors and Affiliations

  • Cheng Lei
    • 1
    • 2
  • Hongqi Zhang
    • 1
    • 2
  • Yi Liu
    • 1
    • 2
  • Xuehui Du
    • 1
    • 2
  1. 1.Zhengzhou Information Science and Technology InstituteZhengzhouChina
  2. 2.Henan Provincial Key Laboratory of Information SecurityZhengzhouChina

Personalised recommendations