As malware such as worms, viruses, spyware, and bots remains a major threat to Internet security, a number of projects suggest monitoring its macroscopic network activity with globally distributed sensors. These sensors are deployed in various relevant organizations and continuously collect traffic logs. These logs are eventually shared among the entities that analyze them. As such activities grow, more and more traffic logs are shared among organizations, and their traceability becomes an important issue. In this paper, we propose a fingerprinting method that embeds an ID into traffic logs. In particular, we consider fingerprinting darknet traffic logs, which are common in network monitoring. By focusing on the nature of darknet traffic, our method enhances traceability while introducing minor degradation to the logs. Experiments using real darknet traffic show the robustness of the proposed scheme against several typical randomized attacks.