IP-Pealing: A Robust Network Flow Watermarking Method Based on IP Packet Sequence

Network flow watermarking (NFW) is usually used for flow correlation. By actively modulating some features of the carrier traffic, NFW can establish the correspondence between different network nodes. In the face of strict demands of network traffic tracing, current watermarking methods cannot work efficiently due to the dependence on specific protocols, demand for large quantities of packets, weakness on resisting network channel interferences and so on. To this end, we propose a robust network flow watermarking method based on IP packet sequence, called as IP-Pealing. It is designed to utilize the packet sequence as watermark carrier with IP identification field which is insensitive to time jitter and suitable for all IP based traffic. To enhance the robustness against packet loss and packet reordering, the detection sequence set is constructed in terms of the variation range of packet sequence, correcting the possible errors caused by the network transmission. To improve the detection accuracy, the long watermark information is divided into several short sequences to embed in turn and assembled during detection. By a large number of experiments on the Internet, the overall detection rate and accuracy of IP-Pealing reach 99.91% and 99.42% respectively. In comparison with the classical network flow watermarking methods, such as PROFW, IBW, ICBW, WBIPD and SBTT, the accuracy of IP-Pealing is increased by 13.70% to 54.00%.