Acta Electronica Sinica ›› 2017, Vol. 45 ›› Issue (8): 1947-1956. DOI: 10.3969/j.issn.0372-2112.2017.08.020

• Research Paper •

A Model for Marking and Tracing the Provenance of Simulated Traffic in Multi-Tenant Network Testbeds

DING Jia-ning1,2, ZHANG Peng1,2, YANG Rong1,2, LIU Jun-peng1,2, LIU Qing-yun1,2, XIONG Gang1,2

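  1. National Engineering Laboratory for Information Security Technologies, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093;
    2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
  • Received: 2015-04-28 Revised: 2017-03-18 Published: 2017-08-25
    • Corresponding author:
    • ZHANG Peng
    • About the authors:
    • DING Jia-ning, male, born in 1991, is currently a research assistant at the Institute of Information Engineering, Chinese Academy of Sciences. His research mainly covers network data analysis, information security and related fields. E-mail: dingjianing@iie.ac.cn; YANG Rong, male, born in 1978, senior engineer, CCF member. His main research areas are information security and cloud computing. E-mail: yangrong@iie.ac.cn; LIU Jun-peng, male, born in 1987, master's degree, CCF member. His main research areas are information security, cloud computing and network stream processing. E-mail: liujunpeng@iie.ac.cn; LIU Qing-yun, male, born in 1980, Ph.D., senior engineer, CCF member. His main research areas are information security and cloud computing. E-mail: liuqingyun@iie.ac.cn; XIONG Gang, male, born in 1977, Ph.D., senior engineer, doctoral supervisor. His main research areas are network measurement, network attack and defense and information countermeasures, and information security. E-mail: xionggang@iie.ac.cn
    • Funding:
    • National Natural Science Foundation of China (No.61402464); National Key Research and Development Program of China (No.2016YFB0801304)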

Multi-tenant Network Testbed Flow Watermarking and Provenance Tracing Model

DING Jia-ning1,2, ZHANG Peng1,2, YANG Rong1,2, LIU Jun-peng1,2, LIU Qing-yun1,2, XIONG Gang1,2   

  1. National Engineering Laboratory for Information Security Technologies, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
    2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2015-04-28 Revised: 2017-03-18 Online: 2017-08-25 Published: 2017-08-25
    • Supported by:
    • National Natural Science Foundation of China (No.61402464); National Key Research and Development Program of China (No.2016YFB0801304)

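Abstract: To mark simulated traffic and trace its provenance in a network testbed that supports multiple tenants, a network flow watermarking model based on time intervals is proposed. When simulated traffic is generated, the model first converts the watermark content into a 0-1 bit sequence and then converts that bit sequence into the time intervals at which the packets of the flow are sent, thereby marking the simulated traffic. When simulated traffic is received, the model converts the time intervals between the packets of the flow into a 0-1 bit sequence and obtains the corresponding watermark content, thereby tracing the provenance of the simulated traffic. Theoretical analysis shows that the model can withstand a variety of attack techniques, and a large number of experiments demonstrate its effectiveness in tracing the provenance of simulated traffic both without packet loss and with packet loss.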

Keywords: network testbed, cloud computing, watermarking, provenance tracing, simulated traffic

Abstract: In order to label and trace the provenance of any simulated flow in a multi-tenant network testbed, an interval-based flow watermarking and provenance tracing model was proposed. When a simulation flow was generated, this model first transformed the user's watermarking content into a 0-1 bit sequence and then sent the packets of the flow at particular intervals according to that bit sequence to label the flow. When the simulation flow was captured by the model, the time intervals between packets in the flow were transformed into a 0-1 bit sequence so that the watermarking content could be extracted to trace the provenance of this simulation flow. The resilience against various known attack techniques is illustrated through theoretical analysis. Moreover, a large number of experiments prove the validity of this model in tracing simulation flows under both normal and abnormal circumstances.

Key words: network testbed, cloud computing, watermarking, provenance tracing, simulated flow

CLC number:
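The marking and tracing steps described in the abstract can be sketched as follows. This is an added example, not the authors' implementation: the two delay values, the midpoint threshold and all function names are assumptions chosen for illustration, and the decoder is the naive one, so it also shows why packet loss needs separate handling.

```python
import random

# Assumed parameters (not from the paper): inter-packet delay per bit value.
DELAY_0_MS = 20.0
DELAY_1_MS = 60.0
THRESHOLD_MS = (DELAY_0_MS + DELAY_1_MS) / 2  # decision boundary at the receiver


def to_bits(watermark: bytes) -> list[int]:
    """Watermark content -> 0-1 bit sequence, most significant bit first."""
    return [(byte >> shift) & 1 for byte in watermark for shift in range(7, -1, -1)]


def from_bits(bits: list[int]) -> bytes:
    """0-1 bit sequence -> bytes; a trailing partial byte is discarded."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def send_times(watermark: bytes, start_ms: float = 0.0) -> list[float]:
    """Sender: one send timestamp per packet; n bits need n + 1 packets."""
    times = [start_ms]
    for bit in to_bits(watermark):
        times.append(times[-1] + (DELAY_1_MS if bit else DELAY_0_MS))
    return times


def recover(arrival_ms: list[float]) -> bytes:
    """Receiver: threshold each inter-arrival gap back into a bit."""
    gaps = [later - earlier for earlier, later in zip(arrival_ms, arrival_ms[1:])]
    return from_bits([1 if gap > THRESHOLD_MS else 0 for gap in gaps])


def add_jitter(times: list[float], max_jitter_ms: float, seed: int) -> list[float]:
    """Constructed network noise: shift every timestamp by up to +/- max_jitter_ms."""
    rng = random.Random(seed)
    return [t + rng.uniform(-max_jitter_ms, max_jitter_ms) for t in times]


if __name__ == "__main__":
    tag = b"T7"  # constructed tenant tag
    sent = send_times(tag)
    print(recover(add_jitter(sent, 8.0, seed=1)))  # jitter below half the bit spacing
    print(recover(sent[:5] + sent[6:]))            # one lost packet shifts every later bit
```

With these assumed delays the watermark survives jitter of up to 10 ms per packet, but a single dropped packet merges two gaps and misaligns the rest of the bit sequence.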