5 years ago

DropWat: An Invisible Network Flow Watermark for Data Exfiltration Traceback

Yuval Elovici, Alfonso Iacovazzi, Sanat Sarda, , Daniel Frassinelli
Network flow watermarking techniques have been proposed during the last ten years as an approach to trace network flows for intrusion detection purposes. These techniques aim to impress a hidden signature on a traffic flow. A central property of network flow watermarking is invisibility, i.e., the ability to go unidentified by an unauthorized third party. Although widely sought after, the development of an invisible watermark is a challenging task that has not yet been accomplished. In this paper, we take a step forward in addressing the invisibility problem with DropWat, an active network flow watermarking technique developed for tracing Internet flows directed to the staging server that is the final destination in a data exfiltration attack, even in the presence of several intermediate stepping stones or with an anonymous network. DropWat is a timing-based technique that indirectly modifies interpacket delays by exploiting the network’s reaction to packet loss. We empirically demonstrate that the watermark embedded by means of DropWat is invisible to a third party observing the watermarked traffic. We also validate DropWat and analyze its performance in a controlled experimental framework with a series of experiments on the Internet, using Web proxy servers as stepping stones executed on several instances in Amazon Web Services; the experiments are also conducted using the TOR anonymous network in place of the stepping stones. Our results show that the detection algorithm is able to identify an embedded watermark, achieving over 95% accuracy while being invisible.
You might also like
Discover & Discuss Important Research

Keeping up-to-date with research can feel impossible, with papers being published faster than you'll ever be able to read them. That's where Researcher comes in: we're simplifying discovery and making important discussions happen. With over 19,000 sources, including peer-reviewed journals, preprints, blogs, universities, podcasts and Live events across 10 research areas, you'll never miss what's important to you. It's like social media, but better. Oh, and we should mention - it's free.

  • Download from Google Play
  • Download from App Store
  • Download from AppInChina

Researcher displays publicly available abstracts and doesn’t host any full article content. If the content is open access, we will direct clicks from the abstracts to the publisher website and display the PDF copy on our platform. Clicks to view the full text will be directed to the publisher website, where only users with subscriptions or access through their institution are able to view the full article.