CN105429940A - Method for zero watermark extraction of network data stream by employing information entropy and hash function - Google Patents

Method for zero watermark extraction of network data stream by employing information entropy and hash function Download PDF

Info

Publication number
CN105429940A
CN105429940A CN201510701787.9A CN201510701787A CN105429940A CN 105429940 A CN105429940 A CN 105429940A CN 201510701787 A CN201510701787 A CN 201510701787A CN 105429940 A CN105429940 A CN 105429940A
Authority
CN
China
Prior art keywords
extraction
zero watermarking
network
hash function
zero
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510701787.9A
Other languages
Chinese (zh)
Other versions
CN105429940B (en
Inventor
陈永红
侯雪艳
田晖
王田
蔡奕侨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaqiao University
Original Assignee
Huaqiao University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaqiao University filed Critical Huaqiao University
Priority to CN201510701787.9A priority Critical patent/CN105429940B/en
Publication of CN105429940A publication Critical patent/CN105429940A/en
Application granted granted Critical
Publication of CN105429940B publication Critical patent/CN105429940B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146Tracing the source of attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method for zero watermark extraction of a network data stream by employing information entropy and a hash function. According to the algorithm, in original traffic of a transmitting terminal, the fragmentation of the data stream is performed according to time, statistics of the distribution condition of sizes of data packets is performed, Shannon entropy is calculated, and zero watermark extraction of the data stream is performed by employing the hash function; at a receiving terminal, zero watermark extraction of received traffic is performed again by employing the same method; and whether the transmitting terminal and the receiving terminal have an obvious network communication relation is confirmed via comparison of zero watermarks extracted at two terminals. By employing the extraction and detection method of a network stream zero watermark system, the network communication relation between the transmitting terminal and the receiving terminal in an anonymous communication system can be effectively determined, and theoretical basis is provided for DDoS attack localization.

Description

A kind of method utilizing comentropy and hash function to carry out the extraction of network data flow zero watermarking
Technical field
The communicating pair relation under Anonymizing networks environment that the present invention relates to confirms field, in particular, relates to a kind of comentropy and hash function of utilizing and carries out the method for watermark extracting to network flow, and a kind of extraction of network flow zero watermarking and detection system.
Background technology
Along with the develop rapidly of global IT application, computer network has been one of the most breathtaking new and high technology in the world today.The resource-sharing of network, information exchange and distributed treatment bring great convenience to study, work, scientific research.But the various attacks emerged in an endless stream, bring huge potential threat and destruction to computer network and system.
Since entering 2000, network is constantly occurred by attack, and show according to " FBI computer crime in 2003 and safety survey ", DDOS attack is the network crime be number two, and quantity constantly rises.
Ddos attack initiates to target of attack the useless message taking the network bandwidth in a large number by control multiple stage puppet main frame, consumes the System and Network resource of target of attack, make it externally normally cannot provide service with this.Due to the sudden of attack traffic and the randomness of address, this attack is caused to be difficult to distinguish from sudden normal discharge by traditional detection technique based on traffic monitoring.
In numerous ddos attacks, SYNFlood is undoubtedly current classics the most and the attack type be widely used most, which utilizes the leak in Transmission Control Protocol realization, can have an impact to all network equipments based on ICP/IP protocol stack.
The specific works principle that SYNFlood attacks is: by sending the attack message of a large amount of cook source address to the open port of destination server, the half-open connection queue in server network protocol stack is caused to take buffer memory, finally the machine of delaying quits work, and other users can not normally be accessed.Various operating system, even the fire compartment wall, router etc. of poor-performing all cannot defend this attack mode effectively.And by various network tool, this attack can cook source address easily, and this makes pursuit attack, and person becomes very difficult.
For the feature that SYNFlood attacks, the fundamental way of solution follows the tracks of attack stream, finds out attack path and find attack source, Here it is IP retrogressive method.
IP backtracking is intended to find attacker from by attacker, is a kind of method focusing on deterrence.IP backtracking is broadly divided into two classes.
One class is the attack recalling certain flow.Major defect is: (1) modifies to IP agreement; (2) when attack traffic is enough large, backtracking performance can accept, and to low discharge and single packet attack, rate of false alarm and rate of failing to report are all quite high.
Another kind of is the attack recalling any flow, comprises single packet attack.General principle is: when router forwards grouping, also carry out record to grouping information; Backtracking is to determine the router of grouping process by inquiry packets record.This kind of scheme key issue is: because router storage resources is limited, grouped record is easily lost.
For this reason, we have invented the IP retrogressive method based on data flow zero watermarking.
Digital watermarking is in data multimedia (as image, sound, vision signal etc.), add some digital information to reach the functions such as file True-false distinguish, copyright protection the earliest.For marked network flow, watermark was introduced in network security afterwards.
Network flow zero watermarking is the new research direction of of current data flow watermark, its thought utilizes some key character of original flow to construct the watermark that can uniquely identify, therefore original data stream also just think contained this watermark and possessed some mark.The maximum feature of zero watermarking is exactly any data not changing original flow, ensure that the invisibility of watermark, therefore there is not the problems such as data-flow quality declines or watermark amount is limited.
Summary of the invention
The object of invention is the deficiency overcoming prior art, provide a kind of utilize comentropy and hash function to carry out the extraction of network data flow zero watermarking method and a kind of IP backtracking system of stream zero watermarking Network Based.
The technical solution adopted for the present invention to solve the technical problems is: provide a kind of method utilizing comentropy and hash function to carry out the extraction of network data flow zero watermarking, comprise: in the original flow of transmitting terminal, by temporally carrying out burst to data flow, the distribution situation of statistical data packet size also calculates Shannon entropy, utilizes hash function to carry out the extraction of zero watermarking to it; At receiving terminal, profit uses the same method and again carries out zero watermarking extraction to the flow received; Relatively confirm whether transmitting terminal and receiving terminal exist obvious network service relation by the zero watermarking that extracts two ends.
Preferably, the step of the extraction of described network flow zero watermarking is:
The original data stream t of A1, acquisition transmitting terminal, chooses suitable side-play amount o, carries out burst according to regular hour sheet size T to data stream, obtain l timeslice.
A2, in each timeslice size, the distribution situation of statistical data packet size; Calculate in each time interval, the times N that different bag size occurs ij(i △ t);
A3, calculate in each time interval, different size contracts out existing probability:
P ij(i△t)=N ij(i△t)/∑ sum j=1N ij(i△t)
Wherein, N ij(i △ t) represents in i-th time interval, and onesize contracts out existing number of times; ∑ sum j=1n ij(i △ t) represents in the same time interval, different size contract out existing total degree, sum represent different large parcel in this time interval and;
A4, the value condition representing different large parcel in each time interval with stochastic variable X, utilize aromatic formula, calculate the Shannon entropy in each timeslice:
H(X)’=-∑ n j=1p(x j)logp(x j)
P (x j) probability when representing a certain particular value in stochastic variable;
A5, quantification treatment is carried out to comentropy H (X) ':
H(X)=H(X)’*a
Wherein, a is quantization unit.
A6, input one group of secret key Key, carry out Hash with the Shannon entropy H (X) after quantizing, obtain required watermark:
W i=HASH(Key i,H(X i))
Wherein, W ibeing the final watermark required, is also the characteristic quantity of this data flow, Key ii-th secret key, H (X i) be the entropy of i-th timeslice, HASH () is the hash function asked needed for watermark.
Preferably, collect the traffic flow information from transmitting terminal at the border routing of transmitting terminal, it is carried out to the extraction of zero watermarking, and the zero watermarking W of extraction and extracting parameter are dumped to third-party agent.
Preferably, collect at the border routing of receiving terminal the traffic flow information sending to receiving terminal, obtain zero water from third-party agent
Various parameters needed for print extraction, utilize the step of the extraction of zero watermarking to extract entrained by data flow zero of receiving terminal reception
Watermark W ', and be sent to third-party agent; Transmitting terminal is compared whether identical with the zero watermarking of receiving terminal by third-party agent.
Preferably, comprise the steps:
B1, by attacker, first utilize network flow zero watermarking, determine that attack stream comes from border routing;
B2, the method using zero watermarking extraction and network service relation to confirm confirm the position of the upper route that public long-pending stream flows through;
B3, repetition step B2 are until be locked in attack stream in a certain specific local network;
B4, when lock a certain router or local area network (LAN) time, according to zero watermarking extract method determine the main frame route that attack stream flows through, attack source is locked in certain or a few physical machine the most at last, with this realize IP backtracking.
1) the invention has the beneficial effects as follows: by attacker, first utilize network flow zero watermarking, determine that attack stream comes from which router or switch, find with this path that attack stream flows through.
2) when locking a certain router or local area network (LAN), as springboard, the source confirming attack stream to the router be connected with self is continued, further the path of backtracking attack stream.
Circulation like this is gone down, then attack source can be locked between a certain local area network (LAN) or a few main frames.
Below in conjunction with drawings and Examples, the present invention is described in further detail; But a kind of method utilizing comentropy and hash function to carry out the extraction of network data flow zero watermarking of the present invention is not limited to embodiment.
Accompanying drawing explanation
Fig. 1 utilizes comentropy and hash function to carry out the block schematic illustration of zero watermarking extraction to network flow;
Fig. 2 utilizes comentropy and hash function to carry out the schematic flow sheet of zero watermarking extraction to network flow;
Fig. 3 is the network frame schematic diagram utilizing zero watermarking to carry out correspondence confirmation;
Fig. 4 is the overall flow schematic diagram utilizing zero watermarking to carry out correspondence confirmation;
Fig. 5 utilizes zero watermarking to carry out IP to recall schematic diagram.
Embodiment
Embodiment 1
See shown in Fig. 1 to Fig. 5, a kind of method utilizing comentropy and hash function to carry out the extraction of network data flow zero watermarking of the present invention, comprise: in the original flow of transmitting terminal, by temporally carrying out burst to data flow, the distribution situation of statistical data packet size also calculates Shannon entropy, utilizes hash function to carry out the extraction of zero watermarking to it; At receiving terminal, profit uses the same method and again carries out zero watermarking extraction to the flow received; Relatively confirm whether transmitting terminal and receiving terminal exist obvious network service relation by the zero watermarking that extracts two ends.
Preferably, the step of the extraction of described network flow zero watermarking is:
The original data stream t of A1, acquisition transmitting terminal, chooses suitable side-play amount o, carries out burst according to regular hour sheet size T to data stream, obtain l timeslice.
A2, in each timeslice size, the distribution situation of statistical data packet size; Calculate in each time interval, the times N that different bag size occurs ij(i △ t);
A3, calculate in each time interval, different size contracts out existing probability:
P ij(i△t)=N ij(i△t)/∑ sum j=1N ij(i△t)
Wherein, N ij(i △ t) represents in i-th time interval, and onesize contracts out existing number of times; ∑ sum j=1n ij(i △ t) represents in the same time interval, different size contract out existing total degree, sum represent different large parcel in this time interval and;
A4, the value condition representing different large parcel in each time interval with stochastic variable X, utilize aromatic formula, calculate the Shannon entropy in each timeslice:
H(X)’=-∑ n j=1p(x j)logp(x j)
P (x j) probability when representing a certain particular value in stochastic variable;
A5, quantification treatment is carried out to comentropy H (X) ':
H(X)=H(X)’*a
Wherein, a is quantization unit.
A6, input one group of secret key Key, carry out Hash with the Shannon entropy H (X) after quantizing, obtain required watermark:
W i=HASH(Key i,H(X i))
Wherein, W ibeing the final watermark required, is also the characteristic quantity of this data flow, Key ii-th secret key, H (X i) be the entropy of i-th timeslice, HASH () is the hash function asked needed for watermark.
Preferably, collect the traffic flow information from transmitting terminal at the border routing of transmitting terminal, it is carried out to the extraction of zero watermarking, and the zero watermarking W of extraction and extracting parameter are dumped to third-party agent.
Preferably, the traffic flow information sending to receiving terminal is collected at the border routing of receiving terminal, obtain the various parameters needed for zero watermarking extraction from third-party agent, utilize the step of the extraction of zero watermarking to extract the zero watermarking W ' entrained by data flow of receiving terminal reception, and be sent to third-party agent; Transmitting terminal is compared whether identical with the zero watermarking of receiving terminal by third-party agent.
Preferably, comprise the steps:
B1, by attacker, first utilize network flow zero watermarking, determine that attack stream comes from border routing;
B2, the method using zero watermarking extraction and network service relation to confirm confirm the position of the upper route that public long-pending stream flows through;
B3, repetition step B2 are until be locked in attack stream in a certain specific local network;
B4, when lock a certain router or local area network (LAN) time, according to zero watermarking extract method determine the main frame route that attack stream flows through, attack source is locked in certain or a few physical machine the most at last, with this realize IP backtracking.
Fig. 1 shows and utilizes comentropy and hash function to the specific operation process of data flow, and Fig. 2 then gives the particular flow sheet of this operation.Being further described utilizing comentropy and hash function to carry out zero watermarking extraction below in conjunction with Fig. 1 and Fig. 2, mainly comprising following step:
Step 1, by operating in the agency on local area network (LAN) border routing, collects the traffic flow information forwarded through this route.
Step 2, to different data flow, according to the side-play amount needed for certain rule interestingness extraction watermark and the time interval.
Step 3, according to data package size distribution, calculates the comentropy in each interval, and quantizes it.
Step 4, inputs one group of secret key, utilizes given hash function, asks for this data flow characteristics amount, i.e. watermark W in conjunction with the comentropy after quantizing.
Step 5, by the various parameter unloadings needed for this watermark W and extraction watermark in third-party agent.
In order to verify the correspondence really existing between transmitting terminal and receiving terminal and determine, the extraction of corresponding watermark also need be carried out at receiving terminal.
Fig. 3 shows the network frame figure utilizing zero watermarking to carry out the confirmation of network service relation, and Fig. 4 then gives the overall flow figure that communicating pair carries out correspondence confirmation.Below in conjunction with Fig. 3 and Fig. 4, general description is carried out to the confirmation of communicating pair relation, mainly comprises following step:
Step 1, according to method described in Fig. 1 and Fig. 2, the watermark W entrained by transmitting terminal data flow has extracted and has uploaded to third-party agent by transmitting terminal border routing.
Step 2, operates in the agency on receiving terminal border routing, collects the traffic flow information being transmitted to receiving terminal.
Step 3, reads the various parameter informations extracted needed for watermark from third-party agent.
Step 4, defers to the watermark extracting method shown in Fig. 1 and Fig. 2 according to known parameter, again carries out watermark extracting to the data flow received, if the watermark that receiving terminal extracts is W '.
Step 5, dumps to the watermark W ' that receiving terminal extracts in third-party agent.
Step 6, at third-party agent, compares according to watermark W and W ' of certain algorithm to extracted twice.If both W with W ' are identical, then there is obvious correspondence between provable transmitting terminal and receiving terminal; Otherwise, then can not prove.
Although SYNFlood attacks can spoofed IP, all IP forged are all from same main frame or same local area network (LAN).Concrete steps are recalled as shown in Figure 5 to the IP that SYNFlood attacks:
Step 1, we suppose that this attack is from external network (internal network retrogressive method is the same, just simpler), and can be determined by the method for above-mentioned network zero watermarking, attack stream is from border router.
Step 2, between each router of the Internet, uses the zero watermarking extracting method shown in Fig. 1 and Fig. 3 and communicating pair relation confirmation method, confirms the position of the upper router that attack stream flows through.
Step 3, repeats step 2, until be locked in a certain specific local network by attack stream.
Step 4, in local area network (LAN), repeating step 2, is no longer now the confirmation of network service relation between router, but route and main frame, or the confirmation of correspondence between main frame and main frame.
Step 5, repeat step 4, attack stream is locked on certain or a few main frames the most at last.
Above-described embodiment is only used for further illustrating a kind of method utilizing comentropy and hash function to carry out the extraction of network data flow zero watermarking of the present invention; but the present invention is not limited to embodiment; every above embodiment is done according to technical spirit of the present invention any simple modification, equivalent variations and modification, all fall in the protection range of technical solution of the present invention.

Claims (5)

1. the method utilizing comentropy and hash function to carry out the extraction of network data flow zero watermarking, it is characterized in that, comprise: in the original flow of transmitting terminal, by temporally carrying out burst to data flow, the distribution situation of statistical data packet size also calculates Shannon entropy, utilizes hash function to carry out the extraction of zero watermarking to it; At receiving terminal, profit uses the same method and again carries out zero watermarking extraction to the flow received; Relatively confirm whether transmitting terminal and receiving terminal exist obvious network service relation by the zero watermarking that extracts two ends.
2. a kind of method utilizing comentropy and hash function to carry out the extraction of network data flow zero watermarking according to claim 1, is characterized in that: the step of the extraction of described network flow zero watermarking is:
The original data stream t of A1, acquisition transmitting terminal, chooses suitable side-play amount o, carries out burst according to regular hour sheet size T to data stream, obtain l timeslice.
A2, in each timeslice size, the distribution situation of statistical data packet size; Calculate in each time interval, the times N that different bag size occurs ij(i △ t);
A3, calculate in each time interval, different size contracts out existing probability:
P ij(i△t)=N ij(i△t)/∑ sum j=1N ij(i△t)
Wherein, N ij(i △ t) represents in i-th time interval, and onesize contracts out existing number of times; ∑ sum j=1n ij(i △ t) represents in the same time interval, different size contract out existing total degree, sum represent different large parcel in this time interval and;
A4, the value condition representing different large parcel in each time interval with stochastic variable X, utilize aromatic formula, calculate the Shannon entropy in each timeslice:
H(X)’=-∑ n j=1p(x j)logp(x j)
P (x j) probability when representing a certain particular value in stochastic variable;
A5, quantification treatment is carried out to comentropy H (X) ':
H(X)=H(X)’*a
Wherein, a is quantization unit.
A6, input one group of secret key Key, carry out Hash with the Shannon entropy H (X) after quantizing, obtain required watermark:
W i=HASH(Key i,H(X i))
Wherein, W ibeing the final watermark required, is also the characteristic quantity of this data flow, Key ii-th secret key, H (X i) be the entropy of i-th timeslice, HASH () is the hash function asked needed for watermark.
3. a kind of method utilizing comentropy and hash function to carry out the extraction of network data flow zero watermarking according to claim 2, it is characterized in that: collect the traffic flow information from transmitting terminal at the border routing of transmitting terminal, it is carried out to the extraction of zero watermarking, and the zero watermarking W of extraction and extracting parameter are dumped to third-party agent.
4. a kind of method utilizing comentropy and hash function to carry out the extraction of network data flow zero watermarking according to claim 3, it is characterized in that: collect at the border routing of receiving terminal the traffic flow information sending to receiving terminal, the various parameters needed for zero watermarking extraction are obtained from third-party agent, utilize the step of the extraction of zero watermarking to extract the zero watermarking W ' entrained by data flow of receiving terminal reception, and be sent to third-party agent; Transmitting terminal is compared whether identical with the zero watermarking of receiving terminal by third-party agent.
5. a kind of method of carrying out IP backtracking according to claim 1, is characterized in that: comprise the steps:
B1, by attacker, first utilize network flow zero watermarking, determine that attack stream comes from border routing;
B2, the method using zero watermarking extraction and network service relation to confirm confirm the position of the upper route that public long-pending stream flows through;
B3, repetition step B2 are until be locked in attack stream in a certain specific local network;
B4, when lock a certain router or local area network (LAN) time, according to zero watermarking extract method determine the main frame route that attack stream flows through, attack source is locked in certain or a few physical machine the most at last, with this realize IP backtracking.
CN201510701787.9A 2015-10-26 2015-10-26 A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function Active CN105429940B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510701787.9A CN105429940B (en) 2015-10-26 2015-10-26 A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510701787.9A CN105429940B (en) 2015-10-26 2015-10-26 A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function

Publications (2)

Publication Number Publication Date
CN105429940A true CN105429940A (en) 2016-03-23
CN105429940B CN105429940B (en) 2019-03-12

Family

ID=55507882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510701787.9A Active CN105429940B (en) 2015-10-26 2015-10-26 A method of the extraction of network data flow zero watermarking is carried out using comentropy and hash function

Country Status (1)

Country Link
CN (1) CN105429940B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302433A (en) * 2016-08-11 2017-01-04 华侨大学 A kind of network flow method of detecting watermarks based on predicting network flow and entropy and system
CN106686007A (en) * 2017-03-03 2017-05-17 南京理工大学 Active flow analysis method for finding intranet controlled rerouting nodes
CN109005175A (en) * 2018-08-07 2018-12-14 腾讯科技(深圳)有限公司 Network protection method, apparatus, server and storage medium
CN110912895A (en) * 2019-11-26 2020-03-24 华侨大学 Network data flow tracing method based on perceptual hash
CN111031006A (en) * 2019-11-22 2020-04-17 国网浙江省电力有限公司绍兴供电公司 Intelligent power grid communication anomaly detection method based on network flow
CN114124467A (en) * 2021-10-29 2022-03-01 中国电子科技集团公司第三十研究所 FreeNet anonymous flow detection method and system in open network mode

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302433A (en) * 2016-08-11 2017-01-04 华侨大学 A kind of network flow method of detecting watermarks based on predicting network flow and entropy and system
CN106302433B (en) * 2016-08-11 2019-12-31 华侨大学 Network flow watermark detection method and system based on network flow prediction and entropy
CN106686007A (en) * 2017-03-03 2017-05-17 南京理工大学 Active flow analysis method for finding intranet controlled rerouting nodes
CN106686007B (en) * 2017-03-03 2020-06-02 南京理工大学 Active flow analysis method for discovering intranet controlled rerouting node
CN109005175A (en) * 2018-08-07 2018-12-14 腾讯科技(深圳)有限公司 Network protection method, apparatus, server and storage medium
CN111031006A (en) * 2019-11-22 2020-04-17 国网浙江省电力有限公司绍兴供电公司 Intelligent power grid communication anomaly detection method based on network flow
CN110912895A (en) * 2019-11-26 2020-03-24 华侨大学 Network data flow tracing method based on perceptual hash
CN110912895B (en) * 2019-11-26 2022-03-04 华侨大学 Network data flow tracing method based on perceptual hash
CN114124467A (en) * 2021-10-29 2022-03-01 中国电子科技集团公司第三十研究所 FreeNet anonymous flow detection method and system in open network mode
CN114124467B (en) * 2021-10-29 2023-05-05 中国电子科技集团公司第三十研究所 FreeNet anonymous flow detection method and system in open network mode

Also Published As

Publication number Publication date
CN105429940B (en) 2019-03-12

Similar Documents

Publication Publication Date Title
Al‐Turjman et al. An overview of security and privacy in smart cities' IoT communications
Chen et al. Design and implementation of IoT DDoS attacks detection system based on machine learning
CN105429940A (en) Method for zero watermark extraction of network data stream by employing information entropy and hash function
Lu et al. Review and evaluation of security threats on the communication networks in the smart grid
Durcekova et al. Sophisticated denial of service attacks aimed at application layer
JP4683383B2 (en) Method and system for resilient packet reverse detection in wireless mesh and sensor networks
Goher et al. Covert channel detection: A survey based analysis
Sanmorino et al. DDoS attack detection method and mitigation using pattern of the flow
CN109327426A (en) A kind of firewall attack defense method
CN106375157B (en) A kind of network flow correlating method based on phase space reconfiguration
Mittal et al. A review of DDOS attack and its countermeasures in TCP based networks
CN104917765A (en) Attack prevention method, and equipment
Tang et al. A simple framework for distributed forensics
Aljifri et al. IP traceback using header compression
Yaseen et al. A secure energy-aware adaptive watermarking system for wireless image sensor networks
Soni et al. A L-IDS against dropping attack to secure and improve RPL performance in WSN aided IoT
Jeyanthi et al. RQA based approach to detect and prevent DDoS attacks in VoIP networks
Zhang et al. On effective data aggregation techniques in host–based intrusion detection in manet
Vijayalakshmi et al. IP traceback system for network and application layer attacks
CN107835168A (en) A kind of authentication method being multiplied based on client information sequence spreading matrix transposition
Wang et al. DoS attacks and countermeasures on network devices
Swati et al. Design and analysis of DDoS mitigating network architecture
Bar-Yosef et al. Remote algorithmic complexity attacks against randomized hash tables
Balyk et al. A survey of modern IP traceback methodologies
Zhu et al. Unmixing mix traffic

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant