CN105404797B - A kind of Active Networks streaming digital water mark method based on dual redundant - Google Patents

Publication number: CN105404797B
Authority: CN (China)
Legal status: Active
Application number: CN201510703425.3A
Other languages: Chinese (zh)
Other versions: CN105404797A (en)
Inventors: 陈永红, 侯雪艳, 田晖, 王田, 蔡奕侨
Current assignee: Huaqiao University
Original assignee: Huaqiao University

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/16: Program or content traceability, e.g. by watermarking
    • G06F21/106: Enforcing content protection by specific content processing
    • G06F21/1063: Personalisation


Abstract

In the double-redundancy active network flow digital watermarking method of the present invention, double redundancy means that each watermark W_i corresponds to one large time interval R_i, each large time interval discretely contains r small time intervals g, and the watermark W_i is embedded repeatedly into the r different small intervals g. At the same time, each g interval contains multiple data packet sequences, and the watermark is ultimately embedded by manipulating the packet time sequence. Using double redundancy improves the stability of the embedded watermark as it propagates through the network, raises the effective detection rate of the watermark at the receiving end, and lowers the false detection rate. With this embedding method, the watermark embedded at the sending end reaches the receiving end more reliably, detection at the receiving end is more efficient, and the result provides a basis for judging the communication relationship between the sending end and the receiving end.

Description

An Active Network Flow Digital Watermarking Method Based on Double Redundancy

Technical field

The invention relates to active network flow watermarking within the field of digital watermarking, and in particular to a method that uses double redundancy to embed a watermark by manipulating packet time sequences, and to an active network flow watermark embedding and extraction system.

Background

In recent years, with the explosive growth of the Internet, network security problems have become increasingly serious. Driven by economic interests in particular, network attacks of all kinds keep emerging and cause users heavy losses. On the one hand, to evade detection and tracking, attackers often do not attack the target host directly; they log in to stepping-stone hosts and hide their real identity behind anonymous communication systems, botnets and similar means, which makes it very difficult to trace attack flows and locate the real attack source. On the other hand, some offenders use anonymous communication systems to spread pornography, violence and other harmful content, seriously polluting the network environment, yet collecting criminal evidence of these acts faces severe challenges.

Faced with these problems, traditional intrusion detection systems mainly rely on passive network traffic analysis. Such methods collect traffic at nodes placed at key positions in the network, and confirm which network flows match by analysing and comparing features such as the number, size and timing of the data packets in each flow. This approach has to capture and inspect all network traffic, which noticeably increases the time and space overhead on network devices. Its offline analysis mode also makes identification lag behind, so it has poor real-time performance and limited scalability, struggles with large-scale high-bandwidth networks, and is even less effective against encrypted anonymous communication systems.

To address the shortcomings of traditional passive detection systems, and the difficulty of tracking and locating in encrypted traffic and anonymous communication systems, many researchers have added digital watermarks to network traffic and proposed active network flow watermarking (ANFW).

Active network flow watermarking borrows the idea of digital watermarking. It actively changes certain features of the traffic generated by the sending end so that the traffic covertly carries special marking information, the watermark. After the traffic has crossed the network, if the corresponding watermark is detected in the traffic received at the receiving end, the traffic at the sending end and the receiving end is considered correlated, and it can be concluded that definite network communication exists between them.

An active network flow watermark (ANFW) can be described as a six-tuple <OF, W, AP, EM, DE, CM>, where OF (original flows) is the set of original network flows; W is the embedded watermark information, W = {w_1, w_2, ..., w_l}, |W| = l (l > 0), w_i is a piece of watermark information taking the value 0 or 1, and l is the watermark capacity; AP (assist parameters) is the set of auxiliary parameters needed to embed the watermark in a flow, which differs from one network flow watermark to another; EM is the modulation (embedding) function; DE is the demodulation (extraction) function; and CM is the comparison function.

Summary of the invention

The purpose of the invention is to overcome the deficiencies of the prior art and provide an active network flow digital watermarking method based on double redundancy.

The technical solution adopted by the invention is an active network flow digital watermarking method based on double redundancy, comprising the following steps:

A1. Capture the data flow T_f sent by the sending end at the border router, and determine the offset o, a parameter required for watermark embedding, and the segment T_d of the data flow in which the watermark is to be embedded;

A2. Divide the segment T_d into 2n equal parts, each containing k data packets, where n = l*r, l is the number of watermarks to embed, k is the first redundancy and r is the second redundancy;

A3. Pair every two adjacent intervals into one small group, giving n small groups g_0, g_1, g_2, ..., g_j, ..., g_{n-1}; then randomly divide these n g groups into l large groups R_0, R_1, ..., R_i, ..., R_{l-1}, each containing r g groups;

A4. Each watermark W_i corresponds to one group R_i; within R_i, the watermark is embedded into each of the r g groups using the packet intervals;

A5. Repeat step 4 l times until all watermarks are embedded;

A6. Put the watermarked data flow back into the network, and upload the parameters required for embedding together with the original watermark W to a third-party agent.

Preferably, the data flow sent to the receiving end is captured at the receiving end's border router, and the parameters required for watermark detection and the original watermark W are obtained from the third-party agent.

Preferably, the captured data flow is divided into intervals in the same way using those parameters, and within the resulting intervals the watermark detection function is used to obtain the watermark information carried by each g group.

Preferably, the watermark that occurs most often within group R_i is counted, and that value is the final watermark carried by group R_i.

Preferably, the watermark W' extracted at the receiving end is compared with the original watermark W. If they are the same, a definite communication relationship exists between the sending end and the receiving end; otherwise the relationship cannot be determined.

Preferably, the method for detecting a watermark embedded with double redundancy has the following steps:

B1. Extract the received data flow T_f' at the entry point of the receiving end's network flow;

B2. Obtain from the third-party agent the parameters required for watermark extraction, such as the offset o, the redundancies k and r, the original watermark W and the total number of watermarks l;

B3. Using the embedding parameters obtained, divide the receiving end's data flow T_f' again into l R groups, R_0', R_1', R_2', ..., R_i', ..., R_{l-1}', each R' group containing r g' groups;

B4. Compute the i-th watermark w_i': using the packet intervals, compute the watermark value carried by each of the r g' groups in R_i', which gives r watermarks w_ij' (j = 0, 1, ..., r-1);

B5. Among the r watermarks w_ij', count the watermark value that occurs most often; that value is the final value of the watermark carried by group R_i';

B6. Repeat steps 4 and 5 l times to obtain the receiving end's watermark sequence W';

B7. Compare the sending end's watermark sequence W with the watermark sequence W' detected at the receiving end using the comparison function CM. If they are the same, a definite communication relationship exists between the sending end and the receiving end; otherwise the relationship cannot be determined.

The beneficial effects of the invention are as follows. In the system and method of the invention, double redundancy means that each watermark W_i corresponds to one large time interval R_i, each large time interval in turn contains r small time intervals g, and the watermark W_i is embedded repeatedly into the r different small intervals g. At the same time, each g interval contains multiple data packet sequences, and the watermark is ultimately embedded by manipulating the packet time sequence. Using double redundancy improves the stability of the embedded watermark as it propagates through the network, raises the effective detection rate of the watermark at the receiving end, and lowers the false detection rate. With this embedding method, the watermark embedded at the sending end reaches the receiving end more reliably, detection at the receiving end is more efficient, and the result provides a basis for judging the communication relationship between the sending end and the receiving end.

Description of the drawings

Figure 1 is a schematic diagram of the double-redundancy watermark embedding model;

Figure 2 is a flow chart of double-redundancy watermark embedding;

Figure 3 is a flow chart of double-redundancy watermark detection;

Figure 4 is a schematic diagram of the active network flow watermark embedding and detection model.

Detailed description

Embodiment 1

Referring to Figures 1 and 2, the active network flow digital watermarking method based on double redundancy of the invention comprises the following steps:

A1. Capture the data flow T_f sent by the sending end at the border router, and determine the offset o, a parameter required for watermark embedding, and the segment T_d of the data flow in which the watermark is to be embedded;

A2. Divide the segment T_d into 2n equal parts, each containing k data packets, where n = l*r, l is the number of watermarks to embed, k is the first redundancy and r is the second redundancy;

A3. Pair every two adjacent intervals into one small group, giving n small groups g_0, g_1, g_2, ..., g_j, ..., g_{n-1}; then randomly divide these n g groups into l large groups R_0, R_1, ..., R_i, ..., R_{l-1}, each containing r g groups;

A4. Each watermark W_i corresponds to one group R_i; within R_i, the watermark is embedded into each of the r g groups using the packet intervals;

A5. Repeat step 4 l times until all watermarks are embedded;

A6. Put the watermarked data flow back into the network, and upload the parameters required for embedding together with the original watermark W to a third-party agent.

Furthermore, the data flow sent to the receiving end is captured at the receiving end's border router, and the parameters required for watermark detection and the original watermark W are obtained from the third-party agent.

Furthermore, the captured data flow is divided into intervals in the same way using those parameters, and within the resulting intervals the watermark detection function is used to obtain the watermark information carried by each g group.

Furthermore, the watermark that occurs most often within group R_i is counted, and that value is the final watermark carried by group R_i.

Furthermore, the watermark W' extracted at the receiving end is compared with the original watermark W. If they are the same, a definite communication relationship exists between the sending end and the receiving end; otherwise the relationship cannot be determined.

Furthermore, the method for detecting a watermark embedded with double redundancy has the following steps:

B1. Extract the received data flow T_f' at the entry point of the receiving end's network flow;

B2. Obtain from the third-party agent the parameters required for watermark extraction, such as the offset o, the redundancies k and r, the original watermark W and the total number of watermarks l;

B3. Using the embedding parameters obtained, divide the receiving end's data flow T_f' again into l R groups, R_0', R_1', R_2', ..., R_i', ..., R_{l-1}', each R' group containing r g' groups;

B4. Compute the i-th watermark w_i': using the packet intervals, compute the watermark value carried by each of the r g' groups in R_i', which gives r watermarks w_ij' (j = 0, 1, ..., r-1);

B5. Among the r watermarks w_ij', count the watermark value that occurs most often; that value is the final value of the watermark carried by group R_i';

B6. Repeat steps 4 and 5 l times to obtain the receiving end's watermark sequence W';

B7. Compare the sending end's watermark sequence W with the watermark sequence W' detected at the receiving end using the comparison function CM. If they are the same, a definite communication relationship exists between the sending end and the receiving end; otherwise the relationship cannot be determined.

Figure 1 shows the concrete operation of embedding a watermark into a data flow with double redundancy, and Figure 2 gives the flow chart of that operation. The embedding procedure is described further below with reference to Figures 1 and 2. It consists of the following steps:

Step 1. The agent running on the border router receives the data flow sent by the sending end.

Step 2. Select a suitable offset o and the data segment T_d in which to embed the watermark.

Step 3. Within segment T_d, use the first redundancy, the second redundancy and the other required parameters to divide the data flow into intervals and group them, obtaining l R groups.

Step 4. Using the watermark embedding function, embed watermark w_i into its corresponding group R_i.

Step 5. Repeat step 4 l times until all watermarks have been embedded.

Step 6. The border router forwards the watermarked data flow into the network, and the original watermark W and the parameters used for embedding are stored with the third-party agent.

At this point the sending end's data flow, carrying the watermark, has entered the network. To verify the communication relationship between the sending end and the receiving end, the receiving end must also check whether the watermark carried by the data flow it receives is the same as the watermark embedded at the sending end.

Figure 3 gives the detailed flow chart for extracting the watermark from the received data flow at the receiving end. The main steps are:

Step 1. The agent running on the border router captures the data flow T_f' sent to the receiving end.

Step 2. Obtain from the third-party agent the parameters used during embedding and the original watermark W.

Step 3. Divide the received data flow into intervals according to the parameter values, and use the watermark detection function to obtain the watermark carried by each g' group.

Step 4. Each group R_i' contains r g' groups. Count the watermark that occurs most often within R_i'; that value is the final value of w_i'. Repeat this step l times to obtain the final watermark W'.

Step 5. Compare the detected watermark W' with the original watermark W from the embedding end. If the two are the same, a clear communication relationship exists between the sending end and the receiving end; otherwise none can be proven.
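The embedding and detection procedures above, carried through on a constructed flow, as an added example that is not code from the patent. The patent says only that a watermark is embedded "using the packet interval", so the rule used here (compare the mean inter-packet delay of a group's two intervals, after delaying one of them by `a`) is an assumption, as are all function names, the seed standing in for the shared grouping parameters, and the stall and jitter model of the network.

```python
# Added illustration: names, the embedding rule and the seed are assumptions,
# not taken from the patent. Timestamps are in milliseconds.
import random
from collections import Counter

def partition(l, r, seed):
    """A3/B3: n = l*r small groups g_j, randomly dealt into l large groups R_i
    of r small groups each. The seed stands in for the shared parameters."""
    order = list(range(l * r))
    random.Random(seed).shuffle(order)
    return [order[i * r:(i + 1) * r] for i in range(l)]

def interval_starts(j, o, k):
    """Packet indices where the two adjacent k-packet intervals of g_j begin."""
    first = o + 2 * j * k
    return first, first + k

def embed(ts, bits, o, k, r, a, seed):
    """A4/A5: write each w_i into all r small groups of R_i.
    Assumed rule: value 1 delays the first interval, value 0 the second, by
    adding `a` to each inter-packet delay (packets are only ever delayed)."""
    if o < 1 or len(ts) < o + 2 * len(bits) * r * k:
        raise ValueError("flow too short for o, k, r and the watermark length")
    ipd = [ts[m] - ts[m - 1] for m in range(1, len(ts))]  # ipd[m-1] precedes packet m
    for bit, big_group in zip(bits, partition(len(bits), r, seed)):
        for j in big_group:
            first, second = interval_starts(j, o, k)
            start = first if bit else second
            for m in range(start, start + k):
                ipd[m - 1] += a
    out = [ts[0]]
    for d in ipd:
        out.append(out[-1] + d)
    return out

def detect(ts, l, o, k, r, seed):
    """B3-B6: one vote per g' group, then a majority vote per R' group."""
    def mean_ipd(start):  # mean of the k delays that end inside the interval
        return (ts[start + k - 1] - ts[start - 1]) / k
    bits, votes = [], []
    for big_group in partition(l, r, seed):
        v = []
        for j in big_group:
            first, second = interval_starts(j, o, k)
            v.append(1 if mean_ipd(first) > mean_ipd(second) else 0)
        votes.append(v)
        bits.append(Counter(v).most_common(1)[0][0])
    return bits, votes

def compare(w, w_detected):
    """B7 (CM): the flows are linked only on an exact match."""
    return list(w) == list(w_detected)

def stall(ts, m, d):
    """Network disturbance: packet m and everything after it arrive d later."""
    return ts[:m] + [t + d for t in ts[m:]]

def demo():
    W, O, K, R, A, SEED = [1, 0, 1, 1], 5, 4, 3, 4.0, 2015
    n_packets = O + 2 * len(W) * R * K + 5
    flow = [10.0 * m for m in range(n_packets)]  # constructed flow, 10 ms spacing
    marked = embed(flow, W, O, K, R, A, SEED)
    # In transit: one stall per R_i lands in the interval the embedder left
    # alone, flipping that g' vote; then bounded jitter on every packet.
    received = marked
    for bit, big_group in zip(W, partition(len(W), R, SEED)):
        first, second = interval_starts(big_group[0], O, K)
        received = stall(received, second if bit else first, 40.0)
    rng = random.Random(7)
    received = [t + rng.uniform(-1.0, 1.0) for t in received]
    bits, votes = detect(received, len(W), O, K, R, SEED)
    unmarked_bits, _ = detect(flow, len(W), O, K, R, SEED)
    return {"bits": bits, "votes": votes, "match": compare(W, bits),
            "unmarked_match": compare(W, unmarked_bits)}

if __name__ == "__main__":
    print(demo())
```

In the returned `votes`, the first g' group of every R' group decodes the wrong value, so a detector relying on a single group per watermark would return [0, 1, 0, 0]; the majority vote over r = 3 recovers W. The unmarked constructed flow does not match W, which is the "cannot be determined" outcome of the comparison step.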

Figure 4 shows the overall framework of active network flow watermarking. The sending end's data flow first passes through the watermark embedding device, which determines the embedding parameters from the actual data, embeds the watermark into the data flow with the watermark embedding function, and uploads the parameters used for embedding to the third-party agent. Only after passing through the embedding device is the data flow sent into the real network. At the receiving end, the watermark detection device first obtains the parameters needed for detection from the third-party agent and captures the data flow sent to the receiving end, then extracts the watermark carried by the data flow through a series of extraction operations. In the decision unit, the sending end's original watermark is compared with the watermark extracted at the receiving end, and the communication relationship between the sending end and the receiving end is judged by whether the two watermarks are the same.

The above embodiment serves only to further illustrate the active network flow digital watermarking method based on double redundancy of the invention. The invention is not limited to the embodiment: any simple modification, equivalent change or refinement made to the above embodiment in accordance with the technical essence of the invention falls within the scope of protection of the technical solution of the invention.

Claims (6)

1. An active network flow digital watermarking method based on double redundancy, characterized in that it comprises the following steps:

A1. Capture the data flow T_f sent by the sending end at the border router, and determine the offset o, a parameter required for watermark embedding, and the segment T_d of the data flow in which the watermark is to be embedded;

A2. Divide the segment T_d into 2n equal parts, each containing k data packets, where n = l*r, l is the number of watermarks to embed, k is the first redundancy and r is the second redundancy;

A3. Pair every two adjacent intervals into one small group, giving n small groups g_0, g_1, g_2, ..., g_j, ..., g_{n-1}; then randomly divide these n g groups into l large groups R_0, R_1, ..., R_i, ..., R_{l-1}, each containing r g groups;

A4. Each watermark W_i corresponds to one group R_i; within R_i, the watermark is embedded into each of the r g groups using the packet intervals;

A5. Repeat step 4 l times until all watermarks are embedded;

A6. Put the watermarked data flow back into the network, and upload the parameters required for embedding together with the original watermark W to a third-party agent.

2. The active network flow digital watermarking method based on double redundancy according to claim 1, characterized in that: the data flow sent to the receiving end is captured at the receiving end's border router, and the parameters required for watermark detection and the original watermark W are obtained from the third-party agent.

3. The active network flow digital watermarking method based on double redundancy according to claim 1, characterized in that: the captured data flow is divided into intervals in the same way using the parameters, and within the resulting intervals the watermark detection function is used to obtain the watermark information carried by each g group.

4. The active network flow digital watermarking method based on double redundancy according to claim 1, characterized in that: the watermark that occurs most often within group R_i is counted, and that watermark is the final watermark carried by group R_i.

5. The active network flow digital watermarking method based on double redundancy according to claim 1, characterized in that: the watermark W' extracted at the receiving end is compared with the original watermark W; if they are the same, a definite communication relationship exists between the sending end and the receiving end; otherwise the relationship cannot be determined.

6. The active network flow digital watermarking method based on double redundancy according to claim 5, characterized in that it further comprises a method for detecting the watermark embedded with double redundancy, with the following steps:

B1. Extract the received data flow T_f' at the entry point of the receiving end's network flow;

B2. Obtain from the third-party agent the parameters required for watermark extraction, including the offset o, the redundancies k and r, the original watermark W and the total number of watermarks l;

B3. Using the embedding parameters obtained, divide the receiving end's data flow T_f' again into l R groups, R_0', R_1', R_2', ..., R_i', ..., R_{l-1}', each R' group containing r g' groups;

B4. Compute the i-th watermark w_i': using the packet intervals, compute the watermark value carried by each of the r g' groups in R_i', which gives r watermarks w_ij' (j = 0, 1, ..., r-1);

B5. Among the r watermarks w_ij', count the watermark value that occurs most often; that watermark value is the final value of the watermark carried by group R_i';

B6. Repeat steps 4 and 5 l times to obtain the receiving end's watermark sequence W';

B7. Compare the sending end's watermark sequence W with the watermark sequence W' detected at the receiving end using the comparison function CM. If they are the same, a definite communication relationship exists between the sending end and the receiving end; otherwise the relationship cannot be determined.
CN201510703425.3A 2015-10-26 2015-10-26 A kind of Active Networks streaming digital water mark method based on dual redundant Active CN105404797B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510703425.3A CN105404797B (en) 2015-10-26 2015-10-26 A kind of Active Networks streaming digital water mark method based on dual redundant

Publications (2)

Publication Number Publication Date
CN105404797A CN105404797A (en) 2016-03-16
CN105404797B true CN105404797B (en) 2018-10-16

Family

ID=55470283

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510703425.3A Active CN105404797B (en) 2015-10-26 2015-10-26 A kind of Active Networks streaming digital water mark method based on dual redundant

Country Status (1)

Country Link
CN (1) CN105404797B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302433B (en) * 2016-08-11 2019-12-31 华侨大学 A network flow watermark detection method and system based on network traffic prediction and entropy
CN109995742B (en) * 2018-01-02 2021-01-05 国家电网有限公司 Network stream watermark based on data packet interval and detection method thereof
CN117240615B (en) * 2023-11-13 2024-01-30 四川大学 A migration learning network traffic correlation method based on time interval graph watermarking

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102682246A (en) * 2012-05-08 2012-09-19 常熟南师大发展研究院有限公司 Vector geographic data digital watermark method based on data point positioning
CN102750480A (en) * 2012-05-23 2012-10-24 常熟南师大发展研究院有限公司 Automatic watermark embedding method and device for geographic data network sharing platform

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005057406A (en) * 2003-08-01 2005-03-03 Victor Co Of Japan Ltd Method for providing distribution information of distribution data
US8270664B2 (en) * 2007-11-27 2012-09-18 Broadcom Corporation Method and system for utilizing GPS information to secure digital media

Also Published As

Publication number Publication date
CN105404797A (en) 2016-03-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant