Dot Net

Robust Correlation of Encrypted Attack Traffic Through Stepping Stones by Flow Watermarking

Robust Correlation of Encrypted Attack Traffic Through Stepping Stones by Flow Watermarking

Abstract  

Network based intruders seldom attack their victims directly from their own computer. Often, they stage their attacks through intermediate “stepping stones” in order to conceal their identity and origin. To identify the source of the attack behind the stepping stone(s), it is necessary to correlate the incoming and outgoing flows or connections of a stepping stone. To resist attempts at correlation, the attacker may encrypt or otherwise manipulate the connection traffic. Timing based correlation approaches have been shown to be quite effective in correlating encrypted connections. However, timing based correlation approaches are subject to timing perturbations that may be deliberately introduced by the attacker at stepping stones. In this project, our watermark-based approach is “active” in that

It embeds a unique watermark into the encrypted flows by slightly adjusting the timing of selected packets. The unique watermark that is embedded in the encrypted flow gives us a number of advantages over passive timing based correlation in resisting timing perturbations by the attacker. A two-fold monotonically increasing compound mapping is created and proved to yield more distinctive visible watermarks in the watermarked image. Security protection measures by parameter and mapping randomizations have also been proposed to deter attackers from illicit image recoveries. Robust Correlation of Encrypted Attack Traffic Through Stepping Stones by Flow Watermarking

Hardware Requirements
  • System            : Pentium IV 2.4 GHz.
  • Hard Disk         : 40 GB.
  • Floppy Drive             : 1.44 Mb.
  • Monitor             :  15 VGA Colour.
  • Mouse             : Logitech.
  • Ram                 :512 Mb.
Software Requirements
  • Operating system             : Windows XP.
  • Coding Language             : C#.net
  • Data Base                           : SQL Server 2005    
Existing System:

Existing connection correlation approaches are based on three Different characteristics: 1) host activity; 2) connection content (i.e. packet payload); and 3) inter-packet timing characteristics. The host activity based approach collects and tracks users’ login activity at each stepping stone.

Disadvantages of Existing System:
  • The major drawback of host activity based methods is that the host activity collected from each stepping stone is generally not trustworthy.
  • Since the attacker is assumed to have full control over each stepping stone, he/she can easily modify, delete or forge user login information. This defeat the ability to correlate based on Host activity.
Proposed System:

The objective of watermark-based correlation is to make the correlation of encrypted connections probabilistically robust against random timing perturbations by the adversary.

Unlike existing timing-based correlation schemes, our watermark-based correlation is active in that it embeds a unique watermark into the encrypted flows, by slightly adjusting the timing of selected packets.

If the embedded watermark is both unique and robust, the watermarked flows can be effectively identified and thus correlated at each stepping stone.

TAGS :

Related Post

Improving Aggregate Recommendation Diversity Using
Secure and Efficient Data Transmission for Cluster
Congestion Aware Routing in Nonlinear Elastic Opti