CN109309644A - Network watermark labeling method and system based on a bi-orthogonal carrier

Info

Publication number: CN109309644A (granted as CN109309644B)
Application number: CN201710616391.3A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 王利明, 雷程, 杨倩, 马多贺
Assignee (original and current): Institute of Information Engineering of CAS
Legal status: granted; now expired (fee related)

Classifications

    • H04L63/1441 Network security: countermeasures against malicious traffic
    • H04L63/08 Network security: authentication of entities
    • H04L9/0861 Key distribution or management: generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication (authorization, entity authentication, data integrity, non-repudiation, key authentication, verification of credentials)
    • H04L2209/608 Digital content management: watermarking
    • H04L2463/146 Tracing the source of attacks


Abstract

The present invention provides a network watermark labeling method based on a bi-orthogonal carrier. Its steps are: capture a network data flow and extract from it basic information and feature information, where the basic information is the five-tuple flow information <source IP address, destination IP address, source port, destination port, protocol number> and the feature information comprises a time-interval centroid feature and an inter-packet delay feature; generate watermark information from the basic information; take the time-interval centroid feature and the inter-packet delay feature as a time-interval centroid carrier and an inter-packet delay carrier, and orthogonalize the two carriers; using watermark embedding algorithms based on the time-interval centroid and on the inter-packet delay, embed the watermark information into the time-interval centroid carrier and the inter-packet delay carrier, send the packets, and so complete the network watermark labeling.

Description

Network watermark labeling method and system based on a bi-orthogonal carrier
Technical field
The invention belongs to the field of computer network security and in particular relates to a network watermark labeling method and system based on a bi-orthogonal carrier.
Background technique
With the continuing spread and deepening of network applications, the Internet on the one hand profoundly shapes how people live and has bred a new normal of social operation; on the other hand it has become critical infrastructure of national strategic importance, supporting the effective operation of important sectors. As distributed computing, cloud storage and big data arrive one after another, and technologies such as the Internet of Things, the mobile Internet, electronic surveillance, robots and unmanned aerial vehicles keep developing, the characteristics of data exchange change by the day: data centers take on a distributed architecture, data volumes keep expanding, and service provision becomes virtualized. Data exchange is therefore required to be faster, more reliable and more controllable, and flow exchange has emerged in response.
As flow-exchange applications grow, the security problems of flow exchange become increasingly prominent, with serious security incidents such as the "PRISM" affair, the disruption of the SWIFT banking system and the leak of 270 million Gmail and Hotmail accounts becoming commonplace. A report published by CNCERT in 2016 showed that tens of thousands of overseas Trojan command-and-control IP addresses controlled more than one million computers in mainland China and used them to penetrate and steal from domestic networks through "stepping-stone attacks". At the same time, as cloud storage technology keeps spreading and attack techniques keep developing, the harm done by sensitive-data leakage through information theft via intermediate stepping stones, and by servers made unable to provide service by botnet-driven DDoS attacks, grows by the day.
Careful analysis shows that attacks against data-center servers, whatever their principle and means, mostly combine stepping-stone and anonymous-communication techniques to hide the attack source and attack path. The attacker mainly destroys flow identity information and weakens the shared features of associated flows, so as to hide the flow identity, conceal the range of the flow exchange and hide the exchange path; in flow exchange this makes the flow identity unknowable, the exchange range uncontrollable and the exchange path untraceable. At the same time, flow exchange is delay-sensitive and involves many intersecting flows. Compared with existing exchange systems, flow-exchange application systems such as Internet-based e-government platforms, financial applications and real-time analysis systems are delay-sensitive, carry many intersecting flows and have complex structure. Existing secure-exchange techniques such as digital signatures and MACs suffer from high resource consumption and high delay, cannot adapt to the flow-exchange environment, and struggle to meet the demand for secure flow exchange.
Network flow watermarking has therefore emerged. A network flow watermark modulates certain characteristics of a flow at the embedding end to strengthen the similarity of related flows, and extracts the bound flow-watermark information at the receiving end in order to identify flow correlation. At present network flow watermarking is mainly used for stepping-stone attack detection, anonymous-communication correlation, and the blocking and tracing of sensitive-data leaks. Existing flow-watermark schemes, however, have the following two problems:
1) An existing network flow watermark only indicates that a data flow is "marked" or "not marked" and carries no other meaning, so the data source cannot be identified and the transmission path cannot be tracked from the watermark information.
2) An existing network watermark uses only a single flow feature as its carrier, which can satisfy neither a large amount of watermark information to be embedded nor the requirements that different application scenarios place on watermark properties; the capacity of a single flow feature is limited, and the flow watermark information is easily disturbed or removed.
Summary of the invention
In view of this, the invention proposes a network watermark labeling method and system based on a bi-orthogonal carrier, implemented on the OpenStack cloud platform. The method selects flow features that each have strong robustness and high concealment as watermark carriers, so that the resulting network flow watermark is applicable to different network conditions. At the same time, orthogonalization of the compound carrier prevents the flow watermarks from interfering with each other. On this basis, a watermark embedding and detection algorithm based on the time-interval centroid and a watermark embedding and detection algorithm based on the inter-packet gap are designed separately, taking into account both the robustness and the concealment of the watermark.
To solve the above technical problems, the invention adopts the following technical scheme:
A network watermark labeling method based on a bi-orthogonal carrier, whose steps comprise:
capturing a network data flow and extracting from it basic information and feature information, the feature information comprising a time-interval centroid feature and an inter-packet delay feature;
generating watermark information from the basic information;
taking the time-interval centroid feature and the inter-packet delay feature as a time-interval centroid carrier and an inter-packet delay carrier, and orthogonalizing the two carriers;
using watermark embedding algorithms based on the time-interval centroid and on the inter-packet delay, embedding the watermark information into the time-interval centroid carrier and the inter-packet delay carrier, sending the packets, and completing the network watermark labeling.
Further, the basic information is the five-tuple flow information <source IP address, destination IP address, source port, destination port, protocol number>.
Further, when the watermark information is generated from the basic information, the time, security level and category are added as flow identity information, and the watermark code is generated by means of a shared encryption key.
Further, during orthogonalization the time-interval centroid carrier is modulated first and the inter-packet delay carrier afterwards.
Further, the watermark information is first embedded into the time-interval centroid carrier and then into the inter-packet delay carrier.
Further, when the packets are sent, the sending time of the first packet of each interval is read, and this sending-time information is sent together with the basic information and the watermark information.
A watermark embedding method based on the time-interval centroid or on the inter-packet delay, whose steps comprise:
capturing a network data flow and extracting from it basic information and feature information, the feature information comprising a time-interval centroid feature or an inter-packet delay feature;
generating watermark information from the basic information;
taking the time-interval centroid feature as a time-interval centroid carrier, or the inter-packet delay feature as an inter-packet delay carrier;
using the watermark embedding algorithm based on the time-interval centroid, randomly selecting time-interval centroid carriers, grouping them and then embedding the watermark information; or using the watermark embedding algorithm based on the inter-packet delay, randomly selecting inter-packet delay carriers, applying quantization index modulation to them and then embedding the watermark information.
Further, if the time-interval centroid carrier or the inter-packet delay carrier cannot hold the complete watermark information, the watermark information is regenerated according to the size of the captured data flow; if carriers to be embedded remain after the complete watermark information has been embedded, the watermark information is embedded cyclically into the remaining carriers.
A network watermark detection method, whose steps comprise:
obtaining a data flow carrying watermark information and extracting from it basic information and feature information, the feature information comprising a time-interval centroid feature and/or an inter-packet delay feature;
using the watermark detection algorithm based on the time-interval centroid and/or the inter-packet delay, extracting the watermark information carried by the time-interval centroid feature and/or the inter-packet delay feature;
requesting and obtaining the original watermark information according to the basic information;
comparing the extracted watermark information with the original watermark information; data flows whose accuracy exceeds a set threshold are authenticated, and flows that pass authentication are allowed through the network node; data flows whose accuracy is below the set threshold or that fail authentication are dropped, and alarm information is reported.
A network watermark tracing method, whose steps comprise:
collecting alarm information and tracing the transmission path of a suspicious data flow according to the basic information and the alarm information;
extracting the transmission path of the suspicious data flow, and reconstructing and displaying the forwarding path of the suspicious data flow in time order.
A watermark agent node, comprising:
a data flow acquisition module for capturing network data flows, collecting the basic information, time-interval centroid feature and inter-packet delay feature of each data flow, and generating data flow feature statistics;
a watermark generation module for generating watermark information from the data flow basic information;
a watermark embedding module for modulating the data flow and embedding the watermark information into the carriers;
a watermark detection module for demodulating a data flow that carries watermark information and identifying the extracted watermark information;
a cache space maintenance module for storing data flows and watermark information in a data buffer queue;
a time window maintenance module for realizing the time window mechanism, specifically: maintaining a time window of fixed width equal to one time interval; the window slides over the buffer queue in the direction of increasing time, and data on the buffer queue that slides out of the window is deleted and its queue space released.
A watermark tracking server, comprising:
a cache space maintenance module for storing the reported alarm information and the mapping between data flows and watermarks;
a security policy module for generating access control policies based on the watermark information;
a watermark tracing module which, based on the network topology, extracts the transmission path of a suspicious data flow according to the basic information and the alarm information, and reconstructs and displays the forwarding path of the suspicious data flow in time order.
A network watermark labeling system based on a bi-orthogonal carrier comprises one watermark tracking server and a plurality of the watermark agent nodes; the watermark tracking server is built into the control node of the cloud platform, and a watermark agent node is built into each compute node and border gateway of the cloud platform.
The invention as a whole uses a distributed embedding and detection architecture, so the watermark system scales flexibly with the cloud computing system; it can both control the transmission range of data flows and track the paths of suspicious flows in real time. The watermark agent node starts at the data source and marks the data flows leaving a server according to the flow basic information and security constraints, which guarantees the uniqueness and credibility of the flow identity. At the same time, using the time-interval centroid and inter-packet delay carriers lets the watermark information balance robustness and concealment and suit different application demands. In addition, the designed embedding methods based on the time-interval centroid and the inter-packet delay do not modify packet contents; they only make fine adjustments to the sending times of the data flow, which keeps embedding efficient and also makes the method applicable to encrypted traffic. The watermark tracking server, driven by events and based on the basic information and watermark information, uses the alarm information and the partial ordering of time to track, trace and control suspicious data flows in real time, thereby realizing stepping-stone attack detection, anonymous-communication correlation, and sensitive-data-leak blocking and tracing under delay-sensitive, multi-flow and structurally complex conditions.
Detailed description of the invention
Fig. 1 is an implementation diagram of the network watermark labeling system based on a bi-orthogonal carrier of the invention.
Fig. 2 is a schematic diagram of the network watermark labeling system based on a bi-orthogonal carrier of the invention.
Fig. 3 is a flow chart of the network watermark labeling method based on a bi-orthogonal carrier of the invention.
Fig. 4A is a flow chart of the watermark embedding method based on the time-interval centroid of the invention.
Fig. 4B is a flow chart of the watermark detection method based on the time-interval centroid of the invention.
Fig. 5A is a flow chart of the watermark embedding method based on the inter-packet delay of the invention.
Fig. 5B is a flow chart of the watermark detection method based on the inter-packet delay of the invention.
Specific embodiment
The technical solution in the embodiments of the invention will now be described clearly and completely with reference to the drawings in the embodiments. It is to be understood that the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
This embodiment discloses a network watermark labeling system based on a bi-orthogonal carrier which, as shown in Fig. 2, comprises a plurality of watermark agent nodes and one watermark tracking server.
The watermark agent node comprises: a data flow acquisition module, a cache space maintenance module, a watermark generation module, a time window maintenance module, a watermark embedding module and a watermark detection module. The data flow acquisition module captures network data, collects the data flow basic information and the time-interval centroid and inter-packet gap feature information, and generates flow feature statistics over the time interval t; the watermark generation module generates watermark information from the data flow basic information; the cache space maintenance module stores data flows and the locally generated watermark information; the time window maintenance module realizes the time window mechanism; the watermark embedding module modulates the data flow features according to the watermark embedding algorithm; the watermark detection module demodulates the watermark information in the data flow according to the watermark detection algorithm and identifies the extracted watermark information.
The watermark tracking server comprises: a cache space maintenance module, a security policy module and a watermark tracing module. The cache space maintenance module stores the alarm information reported by the watermark agents and the mapping between data flows and watermarks; the security policy module generates watermark-based access control policies; the watermark tracing module, based on the network topology, extracts the transmission path of a suspicious data flow according to the data flow basic information and the reported alarm information, and reconstructs the forwarding path of the suspicious data flow in time order.
This embodiment discloses a network watermark labeling method based on a bi-orthogonal carrier which, as shown in Fig. 3, has the following steps:
First, the exchanged data flow is intercepted and the time-interval centroid and inter-packet delay feature information of the carriers is extracted. Second, the two-dimensional carrier is orthogonalized: the time-interval centroid carrier is modulated first, and the inter-packet delay carrier afterwards. Because the two carriers, time-interval centroid and inter-packet delay, jointly carry the flow information, it must first be guaranteed that they are mutually orthogonal, i.e. that a change in either carrier hardly affects the feature information of the other. By selecting suitable parameters, the two modulations are made not to interfere with each other, which realizes the orthogonality of the carriers. Here, because the time-interval centroid is more robust than the inter-packet delay, the watermark information based on the time-interval centroid is embedded first and the watermark information based on the inter-packet delay afterwards. Although the later embedding has some effect on the centroid-based watermark, the time-interval centroid is insensitive to packet delays, so the detector's correct extraction of the centroid-based watermark is not affected. On this basis, the watermark information is embedded into the carriers according to the embedding algorithm based on the time-interval centroid and the embedding algorithm based on the inter-packet delay. Finally, it is judged whether each packet to be sent needs to be delayed.
This embodiment also discloses a network watermark detection method, whose steps comprise: obtaining a data flow carrying watermark information and extracting basic information and feature information, the feature information comprising a time-interval centroid feature and an inter-packet delay feature; using the watermark detection algorithms based on the time-interval centroid and the inter-packet delay, extracting the watermark information carried by the time-interval centroid and the inter-packet delay; requesting and obtaining the original watermark information according to the basic information; comparing the extracted watermark information with the original watermark information, authenticating the data flows whose accuracy exceeds the set threshold and allowing those that pass authentication through the network node; and dropping the data flows whose accuracy is below the set threshold or that fail authentication, and reporting alarm information.
This embodiment also discloses a network watermark tracing method, whose steps comprise: collecting alarm information and tracing the transmission path of a suspicious data flow according to the basic information and the alarm information; and extracting the transmission path of the suspicious data flow and reconstructing and displaying its forwarding path in time order.
The watermark tracking server is built into the control node of the cloud platform; its cache space maintenance module serves as the storage for alarm data and for the mapping between data flows and watermarks, and a timing mechanism is started to monitor the information reported by the watermark agent nodes. A watermark agent node is set up in each compute node and border gateway; its cache space maintenance module serves as the storage for the data buffer queue and the watermark information, its time window maintenance module sets up a sliding time window, and after all modules are initialized the node enters the monitoring stage. A cloud platform service cluster is established on the cloud platform.
The data flow acquisition module computes the time-interval centroid (ICC) and inter-packet delay (IPD) feature information from statistics of the data flows intercepted in the send queue, at the same time extracts the five-tuple basic information <source IP address, destination IP address, source port, destination port, protocol number> of each flow, and reports the flow feature information and basic information to the data buffer queue.
The watermark generation module adds the time, security level and category to the data flow basic information as flow identity information, generates the watermark code by means of a shared encryption key as the watermark information, and reports the watermark information to the watermark information storage space.
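As an added illustration for this page (not the patent's own code), the following Python sketch generates the watermark code from the flow identity described above and applies the capacity rule of the embedding module: a watermark that does not fit the carrier is regenerated at the size the flow allows, and one that fits with carrier positions to spare is repeated cyclically. The use of HMAC-SHA256 as the keyed code, the field order and separator, and the `regenerate` callback are assumptions of the example; the flow identity and key are constructed.

```python
"""Watermark generation from the flow identity, added as an illustration for
this page (not the patent's code). Assumptions: identity fields are joined in
a fixed order, the watermark code is an HMAC-SHA256 tag under the key shared
by the agent nodes, and the tag is cut to the capacity of the carrier."""
import hashlib
import hmac


def identity_message(flow, timestamp, security_level, category):
    """Flow identity = five-tuple + time + security level + category (page order)."""
    src_ip, dst_ip, src_port, dst_port, proto = flow
    fields = [src_ip, dst_ip, src_port, dst_port, proto, timestamp, security_level, category]
    return "|".join(str(f) for f in fields).encode()


def generate_watermark(flow, timestamp, security_level, category, shared_key, n_bits):
    """Keyed watermark code as a list of n_bits bits (at most 256 from one tag)."""
    if not 0 < n_bits <= 256:
        raise ValueError("n_bits must be between 1 and 256 for one SHA-256 tag")
    msg = identity_message(flow, timestamp, security_level, category)
    tag = hmac.new(shared_key, msg, hashlib.sha256).digest()
    bits = [(byte >> (7 - i)) & 1 for byte in tag for i in range(8)]
    return bits[:n_bits]


def fit_to_carrier(bits, capacity, regenerate):
    """Page rule: if the carrier cannot hold the complete watermark, ask the
    generation module for a watermark sized to the flow (here: capacity bits);
    if carrier positions remain after a full copy, repeat the watermark cyclically.
    `regenerate(n)` stands for the call back into the generation module (assumed)."""
    if capacity <= 0:
        raise ValueError("no carrier positions available")
    if len(bits) > capacity:
        bits = regenerate(capacity)
    return [bits[i % len(bits)] for i in range(capacity)]


if __name__ == "__main__":
    # Constructed flow identity; the key would come from the shared-key setup.
    flow = ("10.0.0.5", "10.0.1.9", 51234, 443, 6)
    key = b"shared-key-for-agent-nodes"
    gen = lambda n: generate_watermark(flow, 1500000000, 3, "finance", key, n)
    wm = gen(32)
    print(fit_to_carrier(wm, 20, gen))   # small flow: regenerated 20-bit code
    print(fit_to_carrier(wm, 72, gen))   # larger flow: 32-bit code repeated
```

Because the code is a keyed MAC over the identity fields, an agent that does not hold the shared key can neither forge a watermark for a flow nor derive the identity fields from an observed watermark; the detector obtains the original bits from the tracking server rather than recomputing them.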
The watermark embedding module orthogonalizes the time-interval centroid carrier and the inter-packet delay carrier of the data flow.
The watermark embedding module reads the time-interval centroid feature information of the data flow and, using the watermark embedding algorithm based on the time-interval centroid, randomly selects the time-interval centroid carriers to be embedded, groups them, and embeds the watermark information. If the time-interval centroid carriers of the data flow cannot hold the complete watermark information, the watermark embedding module sends an error message and the data flow size to the watermark generation module, which regenerates the watermark information according to the data flow size and feeds it back to the watermark embedding module. If time-interval centroid carriers remain to be embedded after the complete watermark information has been embedded, the watermark embedding module embeds the watermark information cyclically.
The watermark embedding module reads the inter-packet delay feature of the data flow and, using the watermark embedding algorithm based on the inter-packet delay, randomly selects the inter-packet delay carriers to be embedded, applies quantization index modulation to them, and embeds the watermark information. If the inter-packet delay carriers of the data flow cannot hold the complete watermark information, the watermark embedding module sends an error message and the data flow size to the watermark generation module, which regenerates the watermark information according to the data flow size and feeds it back to the watermark embedding module. If inter-packet delay carriers remain to be embedded after the complete watermark information has been embedded, the watermark embedding module embeds the watermark information cyclically.
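The two-carrier embedding and detection described in this section and in the summary (time-interval centroid carrier first, inter-packet delay carrier second, keyed random choice of carrier positions, quantization index modulation of the selected gaps) is shown below as an added, runnable illustration written for this page; it is not the patent's implementation. The interval length, delay, guard band, quantization step, group size and the keyed pseudo-random choice of intervals and gaps are assumptions of the example. The guard band is this example's version of the "suitable parameter" choice that keeps the carriers from interfering: the small IPD delays can never push a centroid-delayed packet out of its interval. The detector assumes the flow arrives without packet loss, since slot indices are counted from the first packet; the sample flow is constructed.

```python
"""Two-carrier flow watermark: interval centroid (ICC) plus inter-packet delay (IPD).
Added example for this page, not the patent's implementation; parameter values
and the keyed selection of carrier positions are assumptions."""
import math
import random

T = 1.0        # ICC interval length, seconds
A_DELAY = 0.4  # ICC centroid shift, seconds
GUARD = 0.05   # guard band at the interval end; must exceed the total IPD delay
R = 2          # intervals per group per ICC bit
Q = 0.002      # IPD quantisation step, seconds (small relative to T)

def icc_layout(key, n_intervals, n_bits):
    """Keyed choice of the intervals for each ICC bit: list of (group_A, group_B)."""
    sel = random.Random(f"icc:{key}").sample(range(n_intervals), 2 * R * n_bits)
    return [(sel[2*R*i:2*R*i + R], sel[2*R*i + R:2*R*(i + 1)]) for i in range(n_bits)]

def ipd_slots(key, n_gaps, n_bits):
    """Keyed choice of the inter-packet gaps carrying the IPD bits."""
    return sorted(random.Random(f"ipd:{key}").sample(range(n_gaps), n_bits))

def centroids(ts):
    """Mean packet offset inside each interval of length T."""
    acc = {}
    for t in ts:
        k = int(t // T)
        s, n = acc.get(k, (0.0, 0))
        acc[k] = (s + (t - k * T), n + 1)
    return {k: s / n for k, (s, n) in acc.items()}

def embed_icc(ts, bits, key, n_intervals):
    """Bit 1: delay the packets of the group-A intervals by A_DELAY, bit 0: those of
    group B. Delays are clipped at T-GUARD so packets stay in their interval and in order."""
    delayed = set()
    for bit, (ga, gb) in zip(bits, icc_layout(key, n_intervals, len(bits))):
        delayed.update(ga if bit else gb)
    out = []
    for t in ts:
        k, off = int(t // T), t % T
        if k in delayed:
            off = max(off, min(off + A_DELAY, T - GUARD))
        out.append(k * T + off)
    return out

def detect_icc(ts, n_bits, key, n_intervals):
    """Bit = 1 when the group-A centroids exceed the group-B centroids."""
    c = centroids(ts)
    return [1 if sum(c.get(k, T / 2) for k in ga) > sum(c.get(k, T / 2) for k in gb) else 0
            for ga, gb in icc_layout(key, n_intervals, n_bits)]

def qim(gap, bit):
    """Quantisation index modulation that only lengthens a gap: the smallest value
    >= gap whose residue modulo Q is 0 (bit 0) or Q/2 (bit 1)."""
    base = bit * Q / 2
    return Q * math.ceil((gap - base) / Q) + base

def embed_ipd(ts, bits, key):
    """A sender can only hold packets back: delaying packet i shifts every later
    packet by the same amount, so the gaps outside the chosen slots are unchanged."""
    slots = dict(zip(ipd_slots(key, len(ts) - 1, len(bits)), bits))
    out, cum = [ts[0]], 0.0
    for i in range(1, len(ts)):
        gap = ts[i] - ts[i - 1]
        if i - 1 in slots:
            cum += qim(gap, slots[i - 1]) - gap
        out.append(ts[i] + cum)
    return out

def detect_ipd(ts, n_bits, key):
    """Residue near Q/2 -> 1, residue near 0 -> 0."""
    return [1 if 0.25 <= ((ts[j + 1] - ts[j]) / Q) % 1.0 < 0.75 else 0
            for j in ipd_slots(key, len(ts) - 1, n_bits)]

def embed(ts, icc_bits, ipd_bits, key, n_intervals):
    """ICC first (the more robust carrier), then IPD, in the order the page gives."""
    return embed_ipd(embed_icc(ts, icc_bits, key, n_intervals), ipd_bits, key)

def detect(ts, n_icc, n_ipd, key, n_intervals):
    return detect_icc(ts, n_icc, key, n_intervals), detect_ipd(ts, n_ipd, key)

def poisson_flow(n_intervals, rate, seed):
    """Constructed sample flow: Poisson packet arrivals over n_intervals * T seconds."""
    rng, ts, t = random.Random(seed), [], 0.0
    while True:
        t += rng.expovariate(rate)
        if t >= n_intervals * T:
            return ts
        ts.append(t)

if __name__ == "__main__":
    flow = poisson_flow(40, 30.0, seed=1)
    icc_bits = [1, 0, 1, 1, 0, 0, 1, 0]
    ipd_bits = [0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0]
    marked = embed(flow, icc_bits, ipd_bits, "shared-key", 40)
    print(detect(marked, 8, 16, "shared-key", 40) == (icc_bits, ipd_bits))
```

Two properties worth checking on any implementation of this kind: every marked timestamp is at least the original one (the sender only delays, never advances), and the marked flow stays in order, so no packet content is touched, which is what makes the scheme usable on encrypted traffic.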
After embedding is complete, the watermark embedding module adds the data flow to the send queue and reports the data flow basic information, the corresponding watermark information and the sending time to the watermark tracing module.
The above is the working process of the watermark embedding end; the following is the working process of the watermark receiving end. When a watermark agent node receives a network data flow, the data flow acquisition module computes the time-interval centroid and inter-packet delay feature information from statistics of the data flows intercepted in the queue, and at the same time extracts the five-tuple basic information <source IP address, destination IP address, source port, destination port, protocol number> of the flow.
The watermark detection module requests from the watermark tracing module the original watermark information embedded in the data flow, according to the extracted basic information, and at the same time extracts the watermark information with the watermark detection algorithms based on the time-interval centroid and the inter-packet delay. The extracted watermark information is compared with the obtained original watermark information. If the accuracy of the extracted watermark information is below the set threshold, the data flow is dropped and alarm information is reported to the watermark tracing module. If the accuracy is above the set threshold, the data flow is authenticated: if the authentication result is "yes", i.e. the network data flow is allowed to enter or leave the end node, the data flow continues to be forwarded; if the result is "no", i.e. the network data flow is not allowed to enter or leave the end node, the data flow is blocked and alarm information is reported to the watermark tracing module.
The watermark tracing module, according to the reported alarm information and using the data flow basic information and watermark information, reconstructs the forwarding path of the suspicious flow and presents the reconstructed information to the network administrator in visual form.
A watermarking agent node treats packets with the same <source IP address, destination IP address, source port, destination port, protocol number> five-tuple as one flow and collects per-flow packet statistics over a continuous time interval t. The statistics of each flow are stored in a local cache queue ordered by increasing time, and a time window of width t is maintained that slides over the cache queue in the direction of increasing time; data that slide out of the window are deleted from the queue and their space is released.
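The flow bookkeeping described above (five-tuple keying, a time-ordered cache, a window of width t that evicts whatever slides out of it), written out as an added Python example; it is not part of the patent or of any implementation of it. Packets are assumed to arrive as dictionaries carrying a capture timestamp `ts` in seconds, and the sample packets are constructed for the example. Because a capture path can reorder packets, each flow's timestamps are kept sorted instead of assuming monotonic arrival.

```python
import bisect


def five_tuple(pkt):
    """Flow key used by the patent: (src IP, dst IP, source port, destination port, protocol)."""
    return (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"], pkt["proto"])


class FlowTable:
    """Per-flow arrival timestamps kept inside a sliding window of width window_t.

    The window ends at the newest timestamp seen so far and slides forward as packets
    arrive; timestamps that fall out of it are evicted, which bounds the memory per flow.
    """

    def __init__(self, window_t):
        self.window_t = float(window_t)
        self.flows = {}      # five-tuple -> sorted list of timestamps inside the window
        self.newest = None

    def add(self, pkt):
        key = five_tuple(pkt)
        ts = float(pkt["ts"])
        # Reordered packets are tolerated: insert in sorted position rather than append.
        bisect.insort(self.flows.setdefault(key, []), ts)
        self.newest = ts if self.newest is None else max(self.newest, ts)
        self._slide()
        return key

    def _slide(self):
        cutoff = self.newest - self.window_t
        for key in list(self.flows):
            stamps = self.flows[key]
            keep_from = bisect.bisect_left(stamps, cutoff)  # first timestamp >= cutoff
            if keep_from:
                del stamps[:keep_from]
            if not stamps:
                del self.flows[key]  # flow aged out entirely: release its queue space

    def stats(self, key):
        """Statistics of one flow over the current window, or None if it has aged out."""
        stamps = self.flows.get(key)
        if not stamps:
            return None
        ipds = [b - a for a, b in zip(stamps, stamps[1:])]  # inter-packet delays
        return {"packets": len(stamps), "first": stamps[0], "last": stamps[-1], "ipds": ipds}


# Constructed sample traffic (not captured data): one TCP flow and one unrelated DNS query.
SAMPLE_PACKETS = [
    {"src": "10.0.0.1", "dst": "10.0.0.2", "sport": 40000, "dport": 443, "proto": 6, "ts": 0.00},
    {"src": "10.0.0.9", "dst": "10.0.0.53", "sport": 5353, "dport": 53, "proto": 17, "ts": 0.02},
    {"src": "10.0.0.1", "dst": "10.0.0.2", "sport": 40000, "dport": 443, "proto": 6, "ts": 0.05},
    {"src": "10.0.0.1", "dst": "10.0.0.2", "sport": 40000, "dport": 443, "proto": 6, "ts": 0.10},
    {"src": "10.0.0.1", "dst": "10.0.0.2", "sport": 40000, "dport": 443, "proto": 6, "ts": 0.15},
]


def run_sample(window_t=1.0):
    """Feed SAMPLE_PACKETS, then one packet two seconds later; return (before, after, flows)."""
    table = FlowTable(window_t)
    for pkt in SAMPLE_PACKETS:
        table.add(pkt)
    tcp_key = five_tuple(SAMPLE_PACKETS[0])
    before = table.stats(tcp_key)
    table.add(dict(SAMPLE_PACKETS[0], ts=2.10))  # arrives after the window has moved on
    after = table.stats(tcp_key)
    return before, after, len(table.flows)


if __name__ == "__main__":
    print(run_sample())
```

After the late packet arrives the window covers [1.10, 2.10], so the four earlier TCP timestamps and the whole DNS flow are evicted and only one flow with one timestamp remains in the table.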
A watermarking agent node captures flows and embeds watermark information as follows:
A) Initialisation: when the flow acquisition module is invoked, the open function calls tun_chr_open(), which performs a series of initialisation steps, including the initialisation function of the network card driver part, initialisation of the network buffer list and initialisation of the wait queue.
B) Packet reception: when flow data are received, tun_chr_write is called; it uses tun_get_user to copy the data from user space into an SKB. Then the key function netif_rx(skb) is called, which hands the SKB to the TCP/IP protocol stack and completes packet reception on the network interface. Here the open function .ndo_open = tun_net_open notifies the upper layer to start receiving packets by calling netif_start_queue(dev), and the close function .ndo_stop = tun_net_close notifies the upper layer to stop receiving packets by calling netif_stop_queue(dev).
C) Modulating the packet sending time: the watermark embedding module determines the delay to apply to each packet to be modulated using the IPD-based watermark embedding and extraction algorithm and the interval-based watermark embedding and extraction algorithm respectively. Once the delay has been obtained, the packet is handled by calling skb_queue_tail, which pushes it into the receive queue tun->socket.sk->sk_receive_queue; the function .ndo_change_time = tun_net_change_time implements the delayed sending of the packet.
D) Packet transmission: the driver first registers the hard_start_xmit send function, which is called when a send instruction is received. hard_start_xmit in turn calls tun_net_xmit, which appends the SKB to the SKB list and wakes the blocked character-device read process. The character device of the network card then calls tun_chr_read(), which reads the SKB list and delivers each SKB read to user space, completing packet forwarding.
Fig. 1 shows an application example of the invention. A cloud platform based on OpenStack sets up a cloud platform service cluster and an internal data cluster; a watermarking agent node is deployed on each compute node and on the border gateway, and a watermark tracing server on the control node. The two clusters are connected by a router and connect through the gateway to the public administration and service platform. Embedding and extracting watermark information secures the data transmission and provides a security service for remote clients.
The above method may also embed and detect watermarks based on the interval centroid and on the inter-packet delay separately, without the orthogonalisation processing. Such a watermark embedding and detection method based on interval centroid and inter-packet delay is disclosed here, with flowcharts shown in Figs. 4A, 4B, 5A and 5B; apart from omitting the orthogonalisation processing, the process is essentially the same as described above.
The watermark embedding and detection algorithm based on interval centroid and the watermark embedding and detection algorithm based on inter-packet delay are described in detail below with reference to the figures.
Figs. 4A and 4B are flowcharts of a watermark embedding and detection method based on interval centroid. Given a flow $F_N$, it is regarded by definition as a set of $n_f$ ordered packets with a known duration $t_n$. Let each interval have length $T_n$; the flow is then divided into a corresponding number of intervals, of which the last is not processed. The information that the embedding side and the detection side must share is shown in Table 1.
Table 1. Shared parameters of the watermark embedding and detection algorithm based on interval centroid
1. Watermark embedding algorithm based on interval centroid:
Input: the flow to be watermarked, the watermark information;
Output: the watermarked flow, the correspondence between watermark and flow:
(1) Initialise the sampling period $T = \{t_1, t_2, \ldots, t_m\}$, the sampling frequency $f$ and the time windows $Win = \{win_1, win_2, \ldots, win_n\}$;
(2) Extract the basic information and the interval-centroid feature information of the flow;
(3) Compute the interval centroid using formula (1);
(4) Using formula (2), obtain the base centroid attribute value $C_{NI}'$ on $[0, qS]$ and use $C_{NI}'$ to choose at random the interval centroids to be embedded; this randomises the carrier selection and removes the dependence between flows that carry the same information:
$$C_{NI}' = (qS \cdot C_{NI} / T_n) \bmod (qS), \quad q > 1 \qquad (2)$$
where $q = 2.5$ is the quantization multiplier. By the limit theorem, as $q \to \infty$, $qC_{NI}$ is uniformly distributed on $[0, \infty)$. A large prime $S$ is then selected, and formula (2) maps the $C_{NI}$ scaled by the quantization multiplier to $C_{NI}'$.
(5) Using the random number derived from $C_{NI}'$, select $n_r$ intervals at random from the intervals of the flow; take the first $2k$ of them ($2k < n_r$) as the positions that carry the watermark, and divide them into $k$ groups in order;
(6) Modulate the two interval centroids of each group. Let the interval centroids (ICC) of the two intervals in a group be $C_{F2}$ and $C_{F3}$, and let $Y_F = C_{F2} - C_{F3}$; the watermark is embedded and detected by changing $Y_F$.
To embed "+1", the delay of every packet is increased so that $C_{F2}$ increases and $C_{F3}$ decreases; each packet belonging to $C_{F2}$ and $C_{F3}$ is adjusted accordingly, from which the modified $C_{F2}$, $C_{F3}$ and hence $Y_F$ are computed.
To embed "0", part of the packets of $C_{F2}$ are transferred into $C_{F3}$, so that $C_{F2}$ decreases and $C_{F3}$ increases. Among the packets of $C_{F2}$, those on $[0, T-a]$ are left unchanged and those on $[T-a, T]$ are transformed; among the packets of $C_{F3}$, those on $[0, a]$ are transformed and those on $[a, T]$ are left unchanged. From this the modified $C_{F2}$, $C_{F3}$ and hence $Y_F$ are computed.
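Steps (3) to (6) of the embedding algorithm, carried through in Python as an added example that is not the patent's own code: the interval centroids of a flow, the carrier randomisation of formula (2), and the seeded selection of $n_r$ intervals grouped into $k$ pairs with $Y_F = C_{F2} - C_{F3}$. Formula (1) is not reproduced on the page, so the interval centroid is taken here as the mean offset of the packets in an interval from the interval start, and $C_{NI}$ as the mean of the non-empty interval centroids; seeding a PRNG with $C_{NI}'$ to draw the intervals, and the particular prime $S$, are likewise assumptions. The timestamps are constructed. The packet-shifting modulation of step (6) is not implemented, since its expressions are not on the page.

```python
import random

Q_MULTIPLIER = 2.5       # q in formula (2), as stated on the page
LARGE_PRIME_S = 1000003  # S: "a large prime"; this particular value is an assumption


def interval_centroid(timestamps, start, T_n):
    """Mean offset from `start` of the packets inside [start, start + T_n); None if empty.
    Assumed definition: formula (1) is not reproduced on the page."""
    offsets = [t - start for t in timestamps if start <= t < start + T_n]
    return sum(offsets) / len(offsets) if offsets else None


def interval_centroids(timestamps, T_n):
    """Centroid of every full interval of length T_n, counted from the first packet."""
    t0 = min(timestamps)
    n_intervals = int((max(timestamps) - t0) // T_n)
    return [interval_centroid(timestamps, t0 + i * T_n, T_n) for i in range(n_intervals)]


def flow_centroid_attribute(centroids):
    """C_NI: mean of the non-empty interval centroids (assumption, see lead-in)."""
    values = [c for c in centroids if c is not None]
    return sum(values) / len(values)


def randomize_carrier(C_NI, T_n, q=Q_MULTIPLIER, S=LARGE_PRIME_S):
    """Formula (2): C_NI' = (q*S*C_NI / T_n) mod (q*S), a value on [0, q*S)."""
    return (q * S * C_NI / T_n) % (q * S)


def select_pairs(C_NI_prime, n_intervals, n_r, k):
    """Step (5): seed a PRNG with C_NI', draw n_r distinct intervals, keep the first 2k and
    group them into k ordered pairs. Two flows carrying the same watermark therefore use
    different intervals, which is the point of the randomisation."""
    usable = n_intervals - 1  # the last interval is never modulated
    if not (2 * k < n_r <= usable):
        raise ValueError("need 2k < n_r <= number of usable intervals")
    rng = random.Random(int(C_NI_prime * 1_000_000))  # assumption: C_NI' seeds the draw
    chosen = rng.sample(range(usable), n_r)
    carriers = chosen[: 2 * k]
    return [(carriers[2 * i], carriers[2 * i + 1]) for i in range(k)]


def Y_F(centroids, pair):
    """Y_F = C_F2 - C_F3 for one pair of carrier intervals (None if either is empty)."""
    c2, c3 = centroids[pair[0]], centroids[pair[1]]
    return None if c2 is None or c3 is None else c2 - c3


# Constructed flow (not captured data): 40 packets over ~10 s with non-uniform spacing.
SAMPLE_TIMESTAMPS = [round(0.25 * i + 0.07 * (i % 3), 3) for i in range(40)]


def prepare_carriers(timestamps, T_n=1.0, n_r=6, k=2):
    """Everything the embedder needs before modulating: centroids, C_NI', pairs and Y_F."""
    centroids = interval_centroids(timestamps, T_n)
    C_NI = flow_centroid_attribute(centroids)
    C_NI_prime = randomize_carrier(C_NI, T_n)
    pairs = select_pairs(C_NI_prime, len(centroids), n_r, k)
    return {"centroids": centroids, "C_NI": C_NI, "C_NI_prime": C_NI_prime,
            "pairs": pairs, "Y_F": [Y_F(centroids, p) for p in pairs]}


if __name__ == "__main__":
    print(prepare_carriers(SAMPLE_TIMESTAMPS))
```

The detector recomputes the same centroids and the same $C_{NI}'$ from the received flow, so it lands on the same pairs without any side channel; a large enough timing shift on the flow changes $C_{NI}'$ and therefore the pair selection, which is one reason the accuracy threshold in the detection algorithm is needed.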
2. Watermark detection algorithm based on interval centroid:
Input: the flow carrying the watermark, the original watermark information obtained;
Output: the extracted watermark information, alert information:
(1) Initialise the sampling period $T = \{t_1, t_2, \ldots, t_m\}$, the sampling frequency $f$ and the time windows $Win = \{win_1, win_2, \ldots, win_n\}$;
(2) Extract the basic information and the interval-centroid feature information of the flow;
(3) Compute the interval centroid using formula (1);
(4) Detect the watermark information using formula (5); since the embedded interval-centroid watermark bits "0" and "+1" are equiprobable, the decision threshold $V_{th}$ is obtained from formulas (3) and (4);
(5) If the accuracy of the extracted watermark is below the configured threshold, drop the flow and report an alert; otherwise go to step (6);
(6) If authentication answers "yes", i.e. the flow is allowed to enter or leave the end node, continue forwarding it; if it answers "no", i.e. the flow is not allowed to enter or leave the end node, block the flow and report an alert.
Figs. 5A and 5B are flowcharts of a watermark embedding and detection method based on inter-packet delay. The information that the embedding side and the detection side must share is shown in Table 2.
Table 2. Shared parameters of watermark embedding and detection based on inter-packet delay
3. Watermark embedding algorithm based on inter-packet delay:
Input: the flow to be watermarked, the watermark information;
Output: the watermarked flow, the correspondence between watermark and flow:
(1) Initialise the sampling period $T = \{t_1, t_2, \ldots, t_m\}$, the sampling frequency $f$ and the time windows $Win = \{win_1, win_2, \ldots, win_n\}$;
(2) Extract the basic information and the inter-packet delay feature information of the flow;
(3) Compute the average inter-packet delay feature value using formula (6);
(4) Using the quantization multiplier, map $IPD_{avg}$ to $IPD_{avg}'$ by formula (7), to remove the dependence between flows that carry the same information:
$$IPD_{avg}' = (qS \cdot IPD_{avg} / T_n) \bmod (qS), \quad q > 1 \qquad (7)$$
(5) Compute the inter-packet delays within $T$ separately, $ipd_{ij} = t_{i(j+1)} - t_{ij}$, $i \in [0, k-1]$, $j = 1, 2, \ldots, (r-2)$; the last inter-packet delay is not processed. Since an IPD is in theory a continuous value, it must first be quantized. Using the standard rounding function $\mathrm{round}(x)$, which maps $x$ to its nearest integer, and setting the quantization step to $2q_s > 0$, the quantization function is:
$$f_q(ipd, q_s) = \mathrm{round}(ipd / q_s) \qquad (8)$$
From (8) it follows that $f_q(i \times q_s, q_s) = f_q(i \times q_s + y, q_s)$ for $|y| < q_s/2$. Assume the watermark bits are drawn from $\{0, 1\}$. Because an inter-packet delay can only be increased, never reduced, the embedding function operates on $(ipd + q_s/2)$ rather than on $ipd$, which guarantees that the value produced by $f_E$ is at least $ipd$. After the watermark has been embedded, the inter-packet delay of each interval ($IPD_F$) is obtained; $q_s$ is tuned so that the added delay is small enough for a normal user to attribute it to network jitter, which preserves the concealment of the watermark. The embedding function is:
$$f_E(ipd, q_s, w) = \left[ f_q(ipd + q_s/2, q_s) + \Delta \right] \times q_s \qquad (9)$$
where $\Delta = \left(2 + w - f_q(ipd + q_s/2, q_s) \bmod 2\right) \bmod 2$.
4. Watermark detection algorithm based on inter-packet delay:
Input: the flow carrying the watermark, the original watermark information obtained;
Output: the extracted watermark information, alert information:
(1) Initialise the sampling period $T = \{t_1, t_2, \ldots, t_m\}$, the sampling frequency $f$ and the time windows $Win = \{win_1, win_2, \ldots, win_n\}$;
(2) Extract the basic information and the inter-packet delay feature information of the flow;
(3) Compute the inter-packet delays of the flow;
(4) Detect the watermark information using formula (10); the detection function $f_D$ is:
$$y_i = f_D(ipd_F, q_s) = f_q(ipd_F, q_s) \bmod 2 \qquad (10)$$
(5) If the accuracy of the extracted watermark is below the configured threshold, drop the flow and report an alert; otherwise go to step (6);
(6) If authentication answers "yes", i.e. the flow is allowed to enter or leave the end node, continue forwarding it; if it answers "no", i.e. the flow is not allowed to enter or leave the end node, block the flow and report an alert.
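Formulas (8) to (10) carried through in Python, together with the accuracy check of step (5), as an added example that is not the patent's own code. It shows the three properties a practitioner would want to confirm before deploying this QIM scheme: $f_E$ never shortens an IPD and adds at most $2q_s$ of delay, the detector reads each bit off the parity of the quantized received IPD, and a bit survives any timing perturbation smaller than $q_s/2$ (a direct consequence of formula (8); real jitter can exceed that, which is what the accuracy threshold is for). The IPD values, the watermark bits and the simulated jitter are constructed; $\mathrm{round}$ is taken as round-half-up, which the page does not specify.

```python
import math
import random


def f_q(ipd, q_s):
    """Formula (8): round(ipd / q_s). Round-half-up makes ties deterministic;
    the page only says 'nearest integer'."""
    return int(math.floor(ipd / q_s + 0.5))


def f_E(ipd, q_s, w):
    """Formula (9). Quantizing ipd + q_s/2 instead of ipd guarantees the result is >= ipd
    (a packet can be held back but never sent earlier); Delta in {0, 1} forces the parity
    of the quantized value to equal the watermark bit w."""
    q = f_q(ipd + q_s / 2, q_s)
    delta = (2 + w - q % 2) % 2
    return (q + delta) * q_s


def f_D(ipd_f, q_s):
    """Formula (10): the embedded bit is the parity of the quantized received IPD."""
    return f_q(ipd_f, q_s) % 2


def embed(ipds, bits, q_s):
    """Modulate the first len(bits) IPDs; the last IPD is left untouched, as in step (5)."""
    if len(bits) > len(ipds) - 1:
        raise ValueError("flow too short for this watermark; regenerate it for the flow size")
    out = list(ipds)
    for i, w in enumerate(bits):
        out[i] = f_E(ipds[i], q_s, w)
    return out


def detect(ipds_f, n_bits, q_s):
    return [f_D(ipds_f[i], q_s) for i in range(n_bits)]


def accuracy(extracted, original):
    return sum(a == b for a, b in zip(extracted, original)) / len(original)


def decide(extracted, original, threshold):
    """Step (5): below the accuracy threshold the flow is dropped and an alert raised;
    otherwise it proceeds to authentication."""
    return "authenticate" if accuracy(extracted, original) >= threshold else "drop+alert"


def added_delays(ipds, ipds_f):
    """Per-packet delay the embedder introduced; each value lies in [0, 2*q_s]."""
    return [b - a for a, b in zip(ipds, ipds_f)]


def jittered(ipds_f, max_abs_jitter, seed=7):
    """Simulated network jitter in (-max_abs_jitter, +max_abs_jitter) on the received IPDs."""
    rng = random.Random(seed)
    return [x + rng.uniform(-max_abs_jitter, max_abs_jitter) for x in ipds_f]


# Constructed inputs (not captured traffic): IPDs in milliseconds and a 6-bit watermark.
Q_S = 20.0
SAMPLE_IPDS = [37.0, 12.5, 58.3, 21.0, 44.7, 9.9, 30.2]
WATERMARK = [1, 0, 1, 1, 0, 0]


if __name__ == "__main__":
    marked = embed(SAMPLE_IPDS, WATERMARK, Q_S)
    print("modulated IPDs:", marked)
    print("added delay   :", added_delays(SAMPLE_IPDS, marked))
    received = jittered(marked, 0.45 * Q_S)
    print("extracted bits:", detect(received, len(WATERMARK), Q_S))
    print("decision      :", decide(detect(received, len(WATERMARK), Q_S), WATERMARK, 0.9))
```

With $q_s = 20$ ms the six modulated IPDs become 60, 40, 60, 60, 80 and 40 ms, every one at least as large as the original and at most $2q_s = 40$ ms larger; the choice of $q_s$ is therefore a direct trade-off between how much jitter the detector tolerates ($q_s/2$) and how much delay the embedder must hide ($2q_s$).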
It should be noted that the embedding and detection algorithms presented in the above embodiments are only preferred algorithms and are not limiting: any algorithm that embeds watermark information into interval-centroid carriers or inter-packet delay carriers falls within the scope of the watermark embedding algorithms based on interval centroid and inter-packet delay recited in the claims, and any algorithm that extracts watermark information based on interval-centroid features or inter-packet delay features falls within the scope of the watermark detection algorithms based on interval centroid and inter-packet delay recited in the claims.

Claims (10)

1. A network watermarking method based on biorthogonal carriers, comprising the steps of:
capturing a network flow and extracting from it basic information and feature information, the basic information being the <source IP address, destination IP address, source port, destination port, protocol number> five-tuple flow information and the feature information comprising interval-centroid features and inter-packet delay features;
generating watermark information according to the basic information;
using the interval-centroid features and the inter-packet delay features as an interval-centroid carrier and an inter-packet delay carrier, and orthogonalising the two carriers;
using the watermark embedding algorithm based on interval centroid and inter-packet delay, embedding the watermark information into the interval-centroid carrier and the inter-packet delay carrier, and sending the packets, thereby completing the network watermark labelling.
2. The method according to claim 1, wherein, when generating watermark information according to the basic information, a timestamp, a security level and a category are also added as flow identity information, and the watermark code is generated by means of a shared encryption key.
3. The method according to claim 1, wherein, during orthogonalisation, the interval-centroid carrier is modulated first and the inter-packet delay carrier afterwards; and, when embedding the watermark information, the watermark is embedded into the interval-centroid carrier first and into the inter-packet delay carrier afterwards.
4. A watermark embedding method based on interval centroid or inter-packet delay, comprising the steps of:
capturing a network flow and extracting from it basic information and feature information, the basic information being the <source IP address, destination IP address, source port, destination port, protocol number> five-tuple flow information and the feature information comprising interval-centroid features or inter-packet delay features;
generating watermark information according to the basic information;
using the interval-centroid features as an interval-centroid carrier, or using the inter-packet delay features as an inter-packet delay carrier;
using the watermark embedding algorithm based on interval centroid, randomly selecting the interval-centroid carriers, grouping them and embedding the watermark information; or using the watermark embedding algorithm based on inter-packet delay, randomly selecting the inter-packet delay carriers, applying quantization index modulation to them and embedding the watermark information.
5. The method according to claim 4, wherein, if the interval-centroid carrier or the inter-packet delay carrier cannot hold the complete watermark information, the watermark information is regenerated according to the size of the captured flow; and if carriers remain after the complete watermark information has been embedded, the watermark information is embedded into the remaining carriers in a loop.
6. A network watermark detection method, comprising the steps of:
obtaining a flow carrying watermark information and extracting from it basic information and feature information, the feature information comprising interval-centroid features and/or inter-packet delay features;
using the watermark detection algorithm based on interval centroid and/or inter-packet delay, extracting the watermark information based on the interval-centroid features and/or the inter-packet delay features;
requesting and obtaining the original watermark information according to the basic information;
comparing the extracted watermark information with the original watermark information, authenticating flows whose accuracy exceeds a set threshold and allowing flows that pass authentication through the network node; and dropping flows whose accuracy is below the set threshold or that fail authentication, and reporting an alert.
7. A network watermark tracing method, comprising the steps of:
collecting alert information and tracing the transmission path of a suspicious flow according to the basic information and the alert information;
extracting the transmission path of the suspicious flow, reconstructing its forwarding path in time order and displaying it.
8. A watermarking agent node, comprising:
a flow acquisition module for capturing network flows, collecting basic flow information, interval-centroid feature information and inter-packet delay feature information, and generating flow feature statistics;
a watermark generation module for generating watermark information according to the basic flow information;
a watermark embedding module for modulating the flow and embedding the watermark information into the carriers;
a watermark detection module for demodulating a flow carrying watermark information and identifying the extracted watermark information;
a cache maintenance module for storing flows and watermark information by means of a data cache queue;
a time window maintenance module for implementing the time window mechanism, namely maintaining a time window of a fixed width t that slides over the cache queue in the direction of increasing time, with data that slide out of the window being deleted from the cache queue and their space released.
9. A watermark tracing server, comprising:
a cache maintenance module for storing the reported alert information and the flow-to-watermark mapping information;
a security policy module for generating access control policies based on the watermark information;
a watermark tracing module which, based on the network topology, extracts the transmission path of a suspicious flow according to the basic information and the alert information, reconstructs its forwarding path in time order and displays it.
10. A network watermarking system based on biorthogonal carriers, comprising the watermark tracing server of claim 9 and a plurality of the watermarking agent nodes of claim 8, the watermark tracing server being deployed on the control node of the cloud platform and the watermarking agent nodes on each compute node and border gateway of the cloud platform.
CN201710616391.3A 2017-07-26 2017-07-26 Network watermarking method and system based on biorthogonal carrier Expired - Fee Related CN109309644B (en)

Publications (2)

Publication Number Publication Date
CN109309644A true CN109309644A (en) 2019-02-05
CN109309644B CN109309644B (en) 2020-11-20

Family

ID=65202436

Country Status (1)

Country Link
CN (1) CN109309644B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111565125A (en) * 2020-07-15 2020-08-21 成都数维通信技术有限公司 Method for acquiring message passing through network traffic path
CN112070650A (en) * 2020-09-15 2020-12-11 中国科学院信息工程研究所 Watermark embedding and detecting method for panoramic image
CN113569122A (en) * 2021-09-27 2021-10-29 武大吉奥信息技术有限公司 Recognition method and system for map tile data crawler
CN113965351A (en) * 2021-09-15 2022-01-21 佳缘科技股份有限公司 Ciphertext tracking method based on three-dimensional stream fingerprint
WO2022027807A1 (en) * 2020-08-04 2022-02-10 网络通信与安全紫金山实验室 Network latency-based key exchange method, system, and device, and storage medium
CN116915519A (en) * 2023-09-14 2023-10-20 北京华云安信息技术有限公司 Method, device, equipment and storage medium for tracing data stream

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100195819A1 (en) * 2007-03-20 2010-08-05 Xinyuan Wang Interval Centroid Based Watermark Decoder
CN105187265A (en) * 2015-07-01 2015-12-23 中国科学院信息工程研究所 Network flow watermark labeling and tracing method for flow test
CN106302433A (en) * 2016-08-11 2017-01-04 华侨大学 A kind of network flow method of detecting watermarks based on predicting network flow and entropy and system
CN106686007A (en) * 2017-03-03 2017-05-17 南京理工大学 Active flow analysis method for finding intranet controlled rerouting nodes

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张璐, 罗军舟, 杨明: "Multi-dimensional flow watermarking based on orthogonal traffic features", Proceedings of the 2010 National Conference on Communication Security *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201120

Termination date: 20210726