基于时隙的多重冗余流指纹模型

Multiple redundant flow fingerprint model based on time slots

随着互联网的日益广泛应用,各种网络安全问题频频暴露,以“打补丁”形式为主的安全增强模式难以有效防范日益增长的安全风险,网络安全领域研究者认为未来互联网体系架构应当将安全作为一种基本属性,实现网络架构对安全的内生支持。为了支持内生安全的数据可信,在流水印/流指纹机制的研究基础之上,设计实现了一种基于时隙的多重冗余流指纹模型。该模型使用3个时隙间隔,通过对指定时隙内的数据包进行延迟等操作,可在相邻比特操作不产生冲突的情况下实现指纹嵌入,并且引入冗余编码来提高指纹健壮性,同时考虑到网络中抖动或攻击者的恶意扰乱等行为,将延迟干扰、垃圾数据包干扰以及丢包干扰对模型的影响进行了理论分析,结果表明在给定网络流中数据的包分布时,随着冗余位的增加,指纹模型的鲁棒性明显提高。为了减少时间和空间消耗,提高数据包操作的效率和精度,基于内核设计和实现流指纹原型系统,并对其效率和鲁棒性进行评估,实验表明该模型具有很高的鲁棒性。最后,展示了所提模型的应用场景,基于该流指纹功能模型,能有效检测中间人攻击,预防网络身份欺骗。

With the increasingly widespread use of the Internet,various network security problems are frequently exposed,while the“patching”style security enhancement mechanisms cannot effectively prevent the growing security risks.The researchers in the field of network security believe that the future Internet architecture should take security as a basic attribute to provide the native security support which is also called as endogenous safety and security.In order to support the data trustworthiness of endogenous security,a time-slot based multiple redundant flow fingerprint model was designed and implemented based on the research of the watermark(or fingerprint)mechanism.The proposed model used only three time slot intervals and operated the packets within the specified time slots,so that the fingerprint can be embedded without conflicting with the adjacent bit operations.Redundant coding was introduced to improve the fingerprint robustness,and the behaviors such as jitter or malicious disruptions by attackers in the network were considered.Furthermore,the impacts of delayed interference,spam packet interference and packet loss interference were analyzed.The analytical results show that the robustness of the fingerprint model improves with increasing redundant bits when the packet distribution in the network stream is given.Besides,in order to reduce the consumption of time and space and improve the efficiency and accuracy of packet operations,a flow fingerprinting prototype system was designed and implemented based on the kernel,and its efficiency and robustness were evaluated.The experimental result show that the model has high robustness.Additionally,the application scenario of the model was elaborated,which can effectively detect man-in-the-middle attacks and prevent network identity spoofing with the help of the flow fingerprinting model.